Mike retweeted

File system redirection has long been a tool for attackers seeking privilege escalation. RedirectionGuard, a new Windows mitigation, is designed to block malicious junction-based redirection by default, strengthening system security.
Key Features of RedirectionGuard:
• Blocks junction traversal only when followed by an opted-in process and when created by a non-admin user.
• Stores privilege metadata in an admin-only alternate data stream to verify junction trustworthiness.
• Already enabled in Windows Insider builds for User Profile Service, AppX Deployment Service, and Installer Service, historically among the most vulnerable components.
Learn more in our new blog by Mike Macelletti (@pintostart), Senior Security Researcher, Microsoft: msft.it/6018SIil0
Many thanks to Georgios Baltas (@gebaltas) and James Forshaw (@tiraniddo) for their contributions.
