Analyze Desktop App

  1. Run PrivEsc scripts to find low hanging fruits

  2. Check Behaviour

  3. ProcessMonitor

    • C:\ProgramData

    • C:\Windows\Temp

    • C:\Users\xct\AppData

  4. ProcessExplorer

  5. Monitor \ProgramData\

  6. Analyze Code in DnSPY/IDA


  • Installed services (both the service permissions and the service executable/path permission)

  • Named pipes (and their ACLs)

  • Log file permissions in folders like C:\ProgramData

  • Network sockets

  • DCOM servers and hosted interfaces

Last updated