wind

Windows UAC Protection Bypass (Via Slui File Handler Hijack)

This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive and inserting a custom command that will get invoked when any binary (.exe) application is launched. slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run slui.exe with the changed Registry key (HKCU:\Software\Classes\exefile\shell\open\command), it will run our custom command as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work. The modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom, your DLL should call ExitProcess() after starting the payload in a different process.




wind

Microsoft Windows Desktop Bridge Virtual Registry Incomplete Fix

The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as system resulting in privilege escalation. This is because the fix for CVE-2018-0880 (MSRC case 42755) did not cover all similar cases which were reported at the same time in the issue.




wind

Microsoft Windows 10 UAC Bypass By computerDefault

This exploit permits an attacker to bypass UAC by hijacking a registry key during computerSecurity.exe (auto-elevate Windows binary) execution.




wind

Microsoft Windows 10 User Sessions Stuck

This exploit modifies a Windows language registry key, which causes some Windows binaries to stick, including login, which makes the session unusable. The key is in HKCU and can be modified without admin rights, but with a UAC bypass, all user sessions can be paralyzed by using reg.exe and the user's NTUSER.DAT.




wind

Windows UAC Protection Bypass

This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS.




wind

Microsoft Windows .Reg File / Dialog Box Message Spoofing

The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its ability to show the default secondary status dialog box (Win 10), thereby hiding the fact that our attack was successful.




wind

Microsoft Windows CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration

The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.




wind

Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) And Registry

This Metasploit module exploits a flaw in the WSReset.exe file associated with the Windows Store. This binary has autoelevate privs, and it will run a binary file contained in a low-privilege registry location. By placing a link to the binary in the registry location, WSReset.exe will launch the binary as a privileged user.




wind

Windows Escalate UAC Protection Bypass

This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when Windows backup and restore is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked.




wind

Microsoft Windows Kernel Privilege Escalation

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.




wind

ManageEngine Asset Explorer Windows Agent Remote Code Execution

The ManageEngine Asset Explorer Windows agent suffers from a remote code execution vulnerability. All versions prior to 1.0.29 are affected.






wind

SolarWinds MSP PME Cache Service Insecure File Permissions / Code Execution

SolarWinds MSP PME Cache Service versions prior to 1.1.15 suffer from insecure file permission and code execution vulnerabilities.




wind

TT-San-Hacking-Windows-CE.ppt

Hacking Windows CE - This paper shows a buffer overflow exploitation example in Windows CE. It covers knowledge about the ARM architecture, memory management and the features of processes and threads of Windows CE. It also shows how to write a shellcode in Windows CE including knowledge about decoding shellcode of Windows CE.




wind

Windows Mobile 6.5 MessageBox Shellcode

Windows Mobile version 6.5 TR (WinCE 5.2) MessageBox shellcode for ARM.




wind

Windows Vista/7 lpksetup.exe DLL Hijacking

Microsoft Windows Vista/7 suffers from a DLL hijacking vulnerability in lpksetup.exe.




wind

Windows Vista/7 UAC Bypass Exploit

Microsoft Windows Vista / 7 privilege escalation exploit that has UAC bypass.




wind

Microsoft Windows OpenType CFF Driver Stack Overflow

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a stack overflow error in the OpenType Compact Font Format (CFF) driver "ATMFD.dll" when processing certain operands within an OpenType font, which could be exploited by remote attackers to execute arbitrary code on vulnerable Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista systems via a malicious font, or by local attackers to gain elevated privileges on Windows XP and Windows Server 2003 systems via a malicious application.




wind

Microsoft Windows Vista/Server 2008 nsiproxy.sys Denial Of Service

Microsoft Windows Vista/Server 2008 nsiproxy.sys local kernel denial of service exploit.




wind

Meterpreter Swaparoo Windows Backdoor Method

Swaparoo - Windows backdoor method for Windows Vista/7/8. This code sneaks a backdoor command shell in place of Sticky Keys prompt or Utilman assistant at login screen.




wind

MS14-060 Microsoft Windows OLE Package Manager Code Execution

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable.




wind

MS14-064 Microsoft Windows OLE Package Manager Code Execution

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly exploited in the wild as MS14-060 patch bypass. The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. And please keep in mind that some other setups such as using Office 2010 SP1 might be less stable, and sometimes may end up with a crash due to a failure in the CPackage::CreateTempFileName function.




wind

MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, bypassing the patch MS14-060, for the vulnerability publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. Please keep in mind that some other setups such as those using Office 2010 SP1 may be less stable, and may end up with a crash due to a failure in the CPackage::CreateTempFileName function.




wind

Windows Defender Antivirus 4.18.1908.7-0 File Extension Spoofing

Windows Defender Antivirus version 4.18.1908.7-0 suffers from a file extension spoofing vulnerability.




wind

CurveBall Microsoft Windows CryptoAPI Spoofing Proof Of Concept

This is a proof of concept exploit that demonstrates the Microsoft Windows CryptoAPI spoofing vulnerability as described in CVE-2020-0601 and disclosed by the NSA.




wind

NTCrackPipe 1.0 Local Windows Account Cracker

NTCrackPipe is a basic local Windows account cracking tool.





wind

WordPress Windows Desktop And iPhone Photo Uploader File Upload

WordPress Windows Desktop and iPhone Photo Uploader plugin suffers from a remote shell upload vulnerability.





wind

Gothenburg takes proactive stance as global headwinds bite

Despite its thriving automotive sector, Gothenburg is vulnerable to global economic pressures. However, local authorities are confident that their strategies will see the city ride out the uncertainties related to Brexit and the US-China trade wars.




wind

Tower sections of GE’s 12-MW offshore wind turbine shipped to prototype site

GE Renewable Energy announced the shipment of the four tower sections that will be part of GE’s Haliade-X 12 MW prototype to be installed later this summer in Maasvlakte-Rotterdam (NL). The four segments at tower manufacturer GRI’s site in Seville, will be arriving in the Netherlands before the end of the month.




wind

Scottish Power to install biggest battery in Europe at windfarm

The Scottish government has given utility Scottish Power the go-ahead to install Europe’s biggest industrial-scale battery to date to store energy generated at the 539MW Whitelee onshore wind farm.




wind

Target commits to 100 percent renewables; signs PPAs to purchase wind and solar energy

On June 12, Target corporation said it was increasing its renewable energy goals by committing to source 100 percent of its electricity from renewable sources by 2030. The goal applies to all of Target’s domestic operations.




wind

Argentina opens 122.4-MW Bicentennial Wind Farm

The 122.4-MW Bicentennial Wind Farm has been inaugurated in the Santa Cruz province of Argentina and is currently the largest wind farm in the country, according to BNamericas.




wind

Top 5 ways the UK government can support onshore wind and meet net-zero emissions by 2050

In early June, the UK enshrined into law a commitment to reach net zero carbon emissions by 2050, making Britain the first major economy to do so. Meeting this target will require substantial reliance on renewable energy from solar, tidal, hydro, and wind sources, both onshore and offshore.





wind

Giant offshore wind farm takes further steps toward construction in New Jersey

Last week, the New Jersey Board of Public Utilities announced it selected Ocean Wind, an offshore wind energy project proposed by Ørsted with support from PSEG, to develop an 1,100 MW offshore wind farm. Ocean Wind will be located 15 miles off the coast of Atlantic City. Construction is expected to commence in the early 2020s, with the wind farm operational in 2024.




wind

Global offshore wind installed capacity up 21 percent since 2013

This week the Global Wind Energy Council (GWEC) launched the first edition of its Global Offshore Wind Report, which provides a comprehensive analysis of the prospects for the global offshore wind market, including forecast data, market-level analysis and review of efforts to lower costs.




wind

Builder of Saudi Aramco oil rigs plans to expand into wind power

An Abu Dhabi-based company that builds drilling platforms for oil giant Saudi Aramco plans to diversify into renewable energy by supplying gear for offshore wind farms.




wind

China drops electricity subsidy price for offshore wind power

China’s National Development and Reform Commission (the NDRC) issued a Circular on Policies of Improving the Electricity Price for On-Grid Wind Power (the Circular) at the end of May 2019. According to the Circular, the price of electricity from offshore wind power projects is cut to 0.8 yuan per kWh [US $0.12 per kWh] in 2019 and will further drop to 0.75 yuan [US $0.11] per kWh in 2020.




wind

Dominion Energy begins construction on Coastal Virginia Offshore Wind project

Dominion Energy has begun construction on the Coastal Virginia Offshore Wind (CVOW) project, which will feature two 6-MW wind turbines and power about 3,000 homes.






wind

National Grid purchases wind and solar developer, Geronimo Energy

Yesterday, National Grid, through its competitive non-regulated unit National Grid Ventures (NGV), completed its $100 million acquisition of Geronimo Energy - a wind and solar developer in North America. The deal, which was announced on March 7th, 2019, has now satisfied all regulatory requirements and closing conditions.




wind

AEP units looking to invest $2B in 1,500 MW of Oklahoma wind projects

The projects include a 999-MW wind facility being built north of Weatherford, a 287-MW wind facility being built southwest of Enid, and a 199-MW facility being built south of Alva. They are being developed by Invenergy.




wind

Turkeler and RT Enerji choose supplier for five onshore wind farms in Turkey

Turkeler and RT Enerji have chosen GE Renewable Energy to supply equipment for five onshore wind farms being built in Turkey.




wind

New York plans to install 1700 MW of offshore wind

New York has signed the biggest-ever deals for offshore wind power in U.S. history, a key part of the state’s plan to get all of its power from emissions-free sources by 2040.




wind

Lincoln Clean Energy: Texas' Lockett Wind project commercially operational

The Lockett Wind farm in Wilbarger has the potential to generate more than 700,000 MWh of renewable energy per year, enough to power the equivalent of 70,000 homes. 




wind

Saudi Arabia set to build first wind farm

Saudi Arabia, the world’s biggest oil exporter, is poised to start generating wind power within three years as part of an effort to harness renewable energy to cut local demand for fossil fuels.