Bypassing Windows User Account Control: Back For More

**DISCLAIMER** Before proceeding, as an ethical hacker I am compelled to warn those reading that this information is solely intended to be used in conjunction with sanctioned Red Team [pentesting] activities as part of contracted services with the explicit permission of the target. When conducting penetration testing, it is advisable to protect yourself with a proper contract, signed by the target organization, that grants you permission to "hack" their organization for pentesting/vulnerability assessment and that defines the scope of the operation. Exercise due caution accordingly. Consider yourself warned! Any other use could be illegal.

Windows OS Lifecycle End of Life (EOL) Dates; credit: BT.com
North Korean Lazarus APT attack lifecycle; Credit: FireEye
Credit: MITRE ATT&CK techniques
Cymmetria "Patchwork" APT infection stages
A clever spearphishing campaign involving a .pps (Powerpoint Slideshow) file loaded with malware

Disabling UAC

UAC is designed to protect critical system processes from tampering
"How to disable UAC"; credit: GFI Software
PowerShell script to disable UAC; credit: Vincent Boots via Microsoft TechNet

The Four Horsemen (Levels) of UAC Notification

Summary
