Command Injection/Elevation – Environment Variables Revisited

Vulnerabilities, Windows, code injection, elevation, command injection, UAC, variables, enSilo Breaking Malware, enSilo Corporate and Product

Windows environment variables can be used to run commands and can also be used to bypass UAC, allowing an attacker with limited privileges to take complete control of the system. This code leverages a rather unusual scenario within the Windows OS.

This is a continuation of our research as described in a previous post: Elastic Boundaries – Elevating

Elastic Boundaries – Elevating privileges by environment variables expansion

Vulnerabilities, Windows, code injection, bypass UAC, elevation, environment variable, path redirect, UAC, variable expansion, enSilo Breaking Malware, enSilo Corporate and Product

Even though any process is provided with variables from its environment, they are often overlooked by users, developers and sometimes even the OS itself.
