Windows
Named Pipes
Named Pipes are a remotely accessible, socket-like interface. Use IONinja to inspect traffic.
Resources
FeedbackHub
FeedbackHub is a WinRT app that ships DLLs and .winmd files. The .winmd files can be loaded into dnSpy and the DLLs into IDA, which gives some type information.
Path Redirection without Controlling File Contents
DoS: We can write to C:\Windows\System32\en\Microsoft.Windows.Common-Controls.DLL, which will prevent Windows from booting.
DACL
A DACL consists of a series of ACEs (Access Control Entries). Order matters (first-match principle). Stored in SDDL format:
Example:
In an AD environment we can use PowerView's Get-ObjectAcl -Identity ... to view the ACLs. For a more readable format, use ConvertFrom-SID to get names from SIDs.
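To make the ordering point concrete, here is an added example (not from the original notes) that parses the DACL part of an SDDL string and walks the ACEs in stored order, showing that the same two ACEs give opposite results when swapped. The SDDL strings and the token are constructed samples, and the helper names are hypothetical. It assumes plain allow/deny ACEs only: generic-right mapping, object ACEs and conditional ACEs are not handled.

```python
import re

# Subset of SDDL right codes -> access-mask bits (file-object values).
RIGHTS = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
          "SD": 0x010000, "RC": 0x020000, "WD": 0x040000, "WO": 0x080000}

def pairs(s):
    """SDDL packs flags and rights as concatenated two-letter codes."""
    return [s[i:i + 2] for i in range(0, len(s), 2)]

def parse_mask(rights):
    if rights.lower().startswith("0x"):          # raw hex mask form
        return int(rights, 16)
    mask = 0
    for code in pairs(rights):
        mask |= RIGHTS[code]
    return mask

def parse_dacl(sddl):
    """Return the DACL's ACEs, in stored order, as (type, flags, mask, sid)."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))*)", sddl).group(1)
    aces = []
    for body in re.findall(r"\(([^()]*)\)", dacl):
        ace_type, flags, rights, _obj, _inherit_obj, sid = body.split(";")[:6]
        aces.append((ace_type, pairs(flags), parse_mask(rights), sid))
    return aces

def access_check(aces, token_sids, desired):
    """Walk ACEs in order: a matching deny on a still-ungranted bit ends the
    walk with a refusal; allows accumulate until every requested bit is granted."""
    remaining = desired
    for ace_type, flags, mask, sid in aces:
        if sid not in token_sids or "IO" in flags:   # inherit-only: not evaluated
            continue
        if ace_type == "D" and mask & remaining:
            return False
        if ace_type == "A":
            remaining &= ~mask
            if remaining == 0:
                return True
    return False                                     # never fully granted: implicit deny

# Constructed sample descriptors: the same two ACEs in opposite order.
DENY_FIRST = "O:BAG:SYD:(D;;FW;;;BU)(A;;FA;;;WD)"
ALLOW_FIRST = "O:BAG:SYD:(A;;FA;;;WD)(D;;FW;;;BU)"
TOKEN = {"BU", "WD"}   # constructed token: Builtin Users + Everyone

if __name__ == "__main__":
    for sddl in (DENY_FIRST, ALLOW_FIRST):
        print(sddl, "-> write allowed:", access_check(parse_dacl(sddl), TOKEN, RIGHTS["FW"]))
```

When auditing, a deny ACE stored after an allow ACE for an overlapping trustee is worth flagging, since the deny never takes effect for the rights the earlier allow already granted.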
Tools