Analyze Desktop App
Run PrivEsc scripts to find low hanging fruits
Check Behaviour
ProcessMonitor
C:\ProgramData
C:\Windows\Temp
C:\Users\xct\AppData
ProcessExplorer
Monitor \ProgramData\
Analyze Code in DnSPY/IDA
Checklist
Installed services (both the service permissions and the service executable/path permission)
Named pipes (and their ACLs)
Log file permissions in folders like C:\ProgramData
Network sockets
DCOM servers and hosted interfaces
Last updated