so.cl

Recently i had the opportunity to read through some of my old repos because i wanted to reuse some code i used for a UIPI bypass in the past, aiming to adapt it to a new hidden feature of the task manager for a sneaky and for-fun UAC bypass.

Luckily, i stumbled upon another UAC related project (a 2 years old project) in which i tried to implement an idea to bypass UAC through some particular SSPI configurations, but i failed miserably that time.

Upon re-reading the code, a light bulb came to my mind so i tried a different exploitation path and it ended up with a new cool UAC bypass! So let’s jump straight to it. Bypassing UAC with SSPI Datagram Contexts