r4wd3r/RID-Hijacking r4wd3r/RID-Hijacking

  • Stars
    star
    164
  • Rank 228,987 (Top 5 %)
  • Language
    PowerShell
  • Created about 6 years ago
  • Updated about 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
r4wd3r/RID-Hijacking
github

r4wd3r

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Windows RID Hijacking persistence technique

RID Hijacking: Maintaining Access on Windows Machines

Arsenal

The RID Hijacking hook, applicable to all Windows versions, allows setting desired privileges to an existent account in a stealthy manner by modifying some security attributes of an user.

By only using OS resources, it is possible to replace the RID of an user right before the primary access token is created, allowing to spoof the privileges of the hijacked RID owner.

Modules

Slides

Derbycon 8.0

References

r4wsecurity: RID Hijacking - Maintaining access on Windows Machines

More Repositories

1

Suborner

C#
462
star
2

ADPWN

Useful Windows and AD tools
Python
15
star
3

xpltdev

Exploit development and geek stuff.
Python
2
star
4

VAGO

Visual Advanced Analysis oooooooooof Passwords
Python
1
star