Slides

UAC 0day, all day!

In July of 2017 Ruben Boonen delivered a 4-hour workshop at DefCon on User Account Control (UAC). The workshop demonstrated fundamental design flaws in the current implementation of UAC and provided attendees with the knowledge and tools required to identify and exploit these flaws.

The workshop covered topics such as elevated copy using WUSA/IFileOperation, PSAPI, WinSxS, hijacking of DLLs/registry entries/COM objects/environment variables, and abusing the design of split-token administrators. Throughout the workshop a number of UAC 0days were disclosed affecting all versions of Windows from 7 upward.

The accompanying tools and lab write-up can be found on GitHub.