Matt Nelson in Posts By SpecterOps Team Members
CVE-2023-4632: Local Privilege Escalation in Lenovo System Updater
Version: Lenovo Updater Version <= 5.08.01.0009 Operating System Tested On: Windows 10 22H2 (x64) Vulnerability: Lenovo System Updater…
4 min read · Oct 26, 2023

Matt Nelson in Posts By SpecterOps Team Members
CVE-2019-12757: Local Privilege Escalation in Symantec Endpoint Protection
Symantec Endpoint Protection Version: 14.2 RU1 Build 3335 (14.2.3335.1000) and below Operating System Tested On: Windows 10 1803 x64
5 min read · Nov 15, 2019

Matt Nelson in Posts By SpecterOps Team Members
Avira Optimizer Local Privilege Escalation
Version: Avira Optimizer < 1.2.0.367 Operating System tested on: Windows 10 1803 (x64) Vulnerability: Avira Optimizer Local Privilege…
7 min read · Aug 29, 2019

Matt Nelson in Posts By SpecterOps Team Members
CVE-2019-13382: Local Privilege Escalation in SnagIt
Version: Snagit 2019.1.2 Build 3596 Operating System tested on: Windows 10 1803 (x64) Vulnerability: SnagIt Relay Classic Recorder Local…
7 min read · Jul 24, 2019

Matt Nelson in Posts By SpecterOps Team Members
CVE-2019-13142: Razer Surround 1.1.63.0 EoP
Version: Razer Surround 1.1.63.0 Operating System tested on: Windows 10 1803 (x64) Vulnerability: Razer Surround Elevation of Privilege…
5 min read · Jul 5, 2019

Matt Nelson in Posts By SpecterOps Team Members
Razer Synapse 3 Elevation of Privilege
Product Version: Razer Synapse 3 (3.3.1128.112711) Windows Client Downloaded from: https://www.razer.com/downloads Operating System…
8 min read · Jan 21, 2019

Matt Nelson in Posts By SpecterOps Team Members
CVE-2018-8414: A Case Study in Responsible Disclosure
The process of vulnerability disclosure can be riddled with frustrations, concerns about ethics, and communication failure. I have had…
12 min read · Oct 23, 2018

Matt Nelson in Posts By SpecterOps Team Members
CVE-2018-8212: Device Guard/CLM bypass using MSFT_ScriptResource
Device Guard and the enlightened scripting environments that come with it are a lethal combination for disrupting attacker activity…
4 min read · Oct 10, 2018

Matt Nelson in Posts By SpecterOps Team Members
The Tale of SettingContent-ms Files
As an attacker, initial access can prove to be quite the challenge against a hardened target. When selecting a payload for initial access…
9 min read · Jun 11, 2018

Matt Nelson in Posts By SpecterOps Team Members
Reviving DDE: Using OneNote and Excel for Code Execution
TL;DR: You can achieve DDE execution with Excel SpreadSheets embedded within OneNote. This bypasses the original Excel mitigation ruleset…
6 min read · Jan 29, 2018