Print Spooler has been on researcher’s radar ever since Stuxnet worm used print spooler’s privilege escalation vulnerability to spread through the network in nuclear enrichment

Introduction Oliver Lyak posted a write-up about a Windows Privilege Escalation vulnerability that persisted in Windows systems even after patching of previous vulnerabilities in Print

As this series was dedicated to Windows Privilege escalation thus I’m writing this Post to explain command practice for kernel-mode exploitation. Table of Content What

 An attacker can exploit Windows Task Scheduler to schedule malicious programs for initial or recurrent execution. For persistence, the attacker typically uses Windows Task Scheduler

CVE-2021-36934 also known as SeriousSAM and HiveNightmare vulnerability was discovered by Jonas Lykkegaard in July 2021. Due to an ACL misconfiguration in Windows 10 post-build

If an attacker finds a service that has all permission and its bind with the Registry run key then he can perform privilege escalation or

The Windows Startup folder may be targeted by an attacker to escalate privileges or perform persistence attacks. By adding an application to a startup folder

Stored Credentials Exploitation is a technique attackers use to increase privileges in Microsoft Windows. Therefore, it allows attackers to escalate their access by exploiting weaknesses

Microsoft Windows offers a wide range of fine-grained permissions and privileges for controlling access to Windows components including services, files, and registry entries. Exploiting Weak