Windows Priv Esc

[Michael (alan1998)]

https://www.youtube.com/watch?v=3BQKpPNlTSo

[polonus]

Hi Michael (alan1998),

Read here: https://sevrosecurity.com/checklists/windows-priv-esc

Time for fuzzing and reverse engineering: https://github.com/AonCyberLabs/Windows-Exploit-Suggester
but leave your white hat on, always.

Welcome to the world of trons, unpacking of packed DOS binaries, as malcreants usually do not give explanations as how they create their malware, so reverse engineering can bring welcome insights. I am an adept of the much missed F.R.A.V.I.A (R.I.P), a well-known reverse engineer before he left that for searchlores guru instructions ( Fravia stated that a good searcher can be more dangerous than any evil hacker).
Read: www.darkridge.com/~jpr5/mirror/fravia.org/projunpa.htm etc.
Windows based on DOS, so unpack packed DOS binairies with DOSBox debugger:
https://www.codejuggle.dj/unpack-dos-binaries-dosbox-debugger/

polonus

P.S. Like to analyze through Snort what I am up against also under Windows,
therefore I use Snort Analyzer with Wireshark for instance.
read: https://asecuritysite.com/forensics/snort?fname=dnslookup.pcap&rulesname=rulesdns.rules

Damian

[polonus]

Here we have an IDS example for a malicious library presented as jQuery.js
SNYK report: https://snyk.io/test/npm/jquery.js/1.0.2
Examples in the real digital wild: https://maltiverse.com/search;query=jquery.js;page=1;sort=query_score

This happens when you are dealt to believe something to be the one thing
and it turns out to be something completely different (malware).

Actually jQuery.js as nemucod ransomeware as example: https://maltiverse.com/sample/e13d6e7e7f66c8a14c769f0ef519b11f54914f57a8f7666b4198f57df7a29502

polonus