UAC bypass, and loading untrusted code into signed/trusted code and leveling up to SYSTEM on the fly

Presentation - http://kitsune.online/src/UAC.potx
Any Windows BackDooring;) - http://kitsune.online/src/Add-RegBackdoor.ps1
FuckUac/FuckSystem - http://kitsune.online/src/invoke-uac-me.ps1
Windows Shim DB add our malware - http://kitsune.online/src/shim.cpp
Russian/English Add U ass to SYSTEM - http://kitsune.online/src/UAC.potx
^(o-o)^~~ Leo Davidson method
^(o-o)^~~ Application Compatibility Shim Redirect method, from WinNT/Gootkit
^(o-o)^~~ ISecurityEditor WinNT/Simda method, used to turn off UAC
^(o-o)^~~ Wusa method used by Win32/Carberp
^(o-o)^~~ Appinfo.dll way of whitelisting autoelevated applications and KnownDlls cache changes
^(o-o)^~~ Memory patching from MS "Fix it" patch shim (and as side effect arbitrary dll injection)
^(o-o)^~~ Windows 10 sysprep method, abusing different dll dependency added in Windows 10
^(o-o)^~~ Microsoft Management Console and EventViewer missing dependency
^(o-o)^~~ WinNT/Sirefef method, abusing appinfo.dll way of whitelisting OOBE.exe
^(o-o)^~~ Win32/Addrop method, also used in Metasploit uacbypass module
^(o-o)^~~ Microsoft GWX backdoor
^(o-o)^~~ Appinfo whitelist/logic/API choice&usage
^(o-o)^~~ Microsoft Management Console and incorrect dll loading scheme
^(o-o)^~~ SxS DotLocal and targeting consent to gain system privileges
^(o-o)^~~ Package Manager and DISM

Art of exploiting

Stoned Bootkit Framework

What is Stoned Bootkit?

Stoned Bootkit Framework.zip

A bootkit is a boot virus that is able to hook and patch Windows to get loaded into the Windows kernel, thus gaining unrestricted access to the entire computer. It is even able to bypass full volume encryption, because the master boot record (where Stoned is stored) is not encrypted. The master boot record contains the decryption software, which asks for a password and decrypts the drive. This is the weak point: the master boot record, which will be used to pwn your whole system. No one’s secure!

attacks Windows XP, Server 2003, Windows Vista, Windows 7 with one single master boot record
attacks TrueCrypt full volume encryption
has integrated FAT and NTFS drivers
has an integrated structure for plugins and boot applications (for future development)
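
Because the unencrypted master boot record is the weak point described above, a defender can baseline it and detect changes. The following is an added example, not part of the original page or the Stoned project: it hashes the MBR boot code separately from the partition table, so that a boot-code change stands out from ordinary repartitioning. It assumes the 512-byte sector was read from the raw disk while booted from trusted media and that the baseline was taken after the disk-encryption loader was installed; the sample sectors are constructed.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 440           # bytes 0..439: bootstrap code (where a boot loader lives)
TABLE_OFF = 446          # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510..511: boot signature

def fingerprint(sector: bytes) -> dict:
    """Hash the boot code and the partition table separately."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    if sector[510:] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    return {
        "boot_code": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partition_table": hashlib.sha256(sector[TABLE_OFF:510]).hexdigest(),
    }

def compare(baseline: dict, sector: bytes) -> list:
    """Return findings; a boot-code change is the indicator worth alerting on."""
    current = fingerprint(sector)
    findings = []
    if current["boot_code"] != baseline["boot_code"]:
        findings.append("ALERT: boot code changed")
    if current["partition_table"] != baseline["partition_table"]:
        findings.append("INFO: partition table changed")
    return findings

def make_sample_mbr(code: bytes, first_lba: int = 2048) -> bytes:
    """Constructed sample sector: padded code plus one active NTFS (0x07) entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0",
                        first_lba, 204800)
    table = entry + bytes(48)  # three empty entries
    return code.ljust(CODE_END, b"\0") + bytes(6) + table + SIGNATURE

if __name__ == "__main__":
    good = make_sample_mbr(b"\xfa\x33\xc0")      # constructed stand-in for a known-good loader
    baseline = fingerprint(good)
    tampered = make_sample_mbr(b"\xeb\x3c\x90")  # constructed: different code, same table
    moved = make_sample_mbr(b"\xfa\x33\xc0", first_lba=4096)
    for name, sector in (("good", good), ("tampered", tampered), ("moved", moved)):
        print(name, compare(baseline, sector))
```

Store the baseline hashes off the machine being checked; a baseline kept on the same disk can be rewritten along with the MBR.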