Marina

Windows LPE -> Priv Util via embeded psexec-> nt-authority\system Eden is a great project which I contributed to made by @marinaiced , using it I managed to escalate from base user permissions to system level.

Using this for eden btw 🥱

@Klonolan @girlsbian_ Humans don't have scales. If you're talking softness, skin cells respond to sex hormones. More estrogen means softer skin. More testosterone means rougher skin.

@girlsbian_ That's fkn nasty 🤢 Your bones won't change & your skin will always have that male pattern of scales

THERE ARE BOOBS GROWING OUT OF ME

@ChaoticEclipse0 Doesn't seem like you can. The closest thing I could find is that defender adds: <OperationParam path="\ProgramData\Microsoft\Windows Defender\Offline Scanner\OfflineScannerShell.exe &lt;-Threshold -AutoScan -Inbox -UpdateSugs -ConsoleUi %gt;"/> But that doesn't offline scan

Can anyone figure out how to initiate a Defender offline scan just by editing ReAgent.xml ? I'm pretty sure there must be a way to do so. I'm gonna go do my medically induced comma and hopefully wake up to someone replying with some good news.

@ChaoticEclipse0 They *just* added greatxml to defender's scan list😭 saw it happen in real time

I may have just made the Greatest XML in all of XML history.

Found another UAC bypass chain. The hardest part is getting into the right place to where you can request what you need. This one I found involves Explorer and the idiocracy of Windows developers. Will post more about it if I don't hear back from someone by next week.

My user to SYSTEM privilege escalation poc, Eden, remains completely undetected :3 #cybersecurity #exploit #exploitchain #windows

Any who, I created a exploit that launches with basic permissions and laterally moves up to SYSTEM permissions. I named it Eden. POC will be release sometime when I feel that it's completed enough.

On Windows default settings, any application can do this. Microsoft's response is to use a local account for daily use. Yet, they don't give you that option during setup. The regular user will not know how to do this and is extremely vulnerable to this type of exploit.

Inspired by some security researchers, I decided to go on my own path of finding Windows vulnerabilities and weaknesses. Microsoft has insisted "Same-desktop Elevation in UAC isn't a security boundary." At what point does it become a security issue?

@notnullptr Is there any possibility of multiplayer, do you think?

the leaked minecraft console source code builds and runs! use visual studio 2012 in debug mode using the Windows64 config. also, you might need to remove references to the xbox sdks in the csproj files.