ITSEC Newsletter 2023-06-22
Red team is best team
"In the realm of cybersecurity, privilege escalation attacks pose a significant threat to system security. One such vulnerability that gained attention in recent years is the “Potato” attack (CVE-2023-21746). This attack exploits a security flaw in Windows’ NTLM, allowing attackers to elevate their privileges to the SYSTEM level. This article provides an overview of the “Potato” attack, delves into its background, and outlines how penetration testers can replicate the attack in a controlled lab environment."
"In today’s post, we will be covering the Windows Filtering Platform (WFP) and how it can be used to process network packets via our driver. Specifically, we will be focusing on ICMP packets. Given the basic nature of this protocol, we will also delve into creating a custom “protocol” within ICMP itself that will enable us to issue commands to the machines that have our driver installed."
"The abuse of misconfigured Access Control Lists is nothing new. However, it is still one of the main ways of lateral movement and privilege escalation within an Active Directory domain. In this post, we will discuss, in a general overview, some concepts that will help us understand how Windows handles access relationships and privileges between objects and how to enumerate these relationships."