• Stars
    star
    164
  • Rank 230,032 (Top 5 %)
  • Language
    PowerShell
  • Created over 6 years ago
  • Updated about 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Windows RID Hijacking persistence technique

RID Hijacking: Maintaining Access on Windows Machines

Arsenal

The RID Hijacking hook, applicable to all Windows versions, allows setting desired privileges to an existent account in a stealthy manner by modifying some security attributes of an user.

By only using OS resources, it is possible to replace the RID of an user right before the primary access token is created, allowing to spoof the privileges of the hijacked RID owner.

Modules

Slides

Derbycon 8.0

References

r4wsecurity: RID Hijacking - Maintaining access on Windows Machines