LPE на Windows - CVE-2025-21204
Разбор: https://cyberdom.blog/abusing-the-windows-update-stack-to-gain-system-access-cve-2025-21204
PoC: https://raw.githubusercontent.com/eshlomo1/CloudSec/refs/heads/main/Attacking%20the%20Cloud/CVE-2025-21204/Exploit-CVE2025-UpdateStackLPE-NonAdmin.ps1
#lpe #windows #infra
Разбор: https://cyberdom.blog/abusing-the-windows-update-stack-to-gain-system-access-cve-2025-21204
PoC: https://raw.githubusercontent.com/eshlomo1/CloudSec/refs/heads/main/Attacking%20the%20Cloud/CVE-2025-21204/Exploit-CVE2025-UpdateStackLPE-NonAdmin.ps1
#lpe #windows #infra
CYBERDOM
Abusing the Windows Update Stack to Gain SYSTEM Access (CVE-2025-21204)
The CVE-2025-21204 is precisely that kind of vulnerability. It doesn't require a zero-day exploit or complex memory corruption chain. It doesn't need a phishing campaign or a dropped malware loader. All it takes is: A misused filesystem trust, a writable…
Forwarded from Whitehat Lab
Google Docs
ADCS Attack Techniques Cheatsheet
И в дополнение к предыдущему посту, сравнительная табличка по инструментам
Отличная шпаргалка по атакам на ADCS
Разобраны основные инструменты для проверки и эксплуатации уязвимостей
#adcs #active_directory #windows #esc #pentest
Please open Telegram to view this post
VIEW IN TELEGRAM