module
Windows UAC Protection Bypass (Via FodHelper Registry Key)
| Disclosed |
|---|
| May 12, 2017 |
Disclosed
May 12, 2017
Description
This module will bypass Windows 10 UAC by hijacking a special key in the Registry under
the current user hive, and inserting a custom command that will get invoked when
the Windows fodhelper.exe application is launched. It will spawn a second shell that has the UAC
flag turned off.
This module modifies a registry key, but cleans up the key once the payload has
been invoked.
The module does not require the architecture of the payload to match the OS. If
specifying EXE::Custom your DLL should call ExitProcess() after starting your
payload in a separate process.
the current user hive, and inserting a custom command that will get invoked when
the Windows fodhelper.exe application is launched. It will spawn a second shell that has the UAC
flag turned off.
This module modifies a registry key, but cleans up the key once the payload has
been invoked.
The module does not require the architecture of the payload to match the OS. If
specifying EXE::Custom your DLL should call ExitProcess() after starting your
payload in a separate process.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.