Cmd Hijack - a command/argument confusion with path traversal in cmd.exe

This one is about an interesting behavior 🤭 I identified in cmd.exe in result of many weeks of intermittent (private time, every now and then) research in pursuit of some new OS Command Injection attack vectors. So I was mostly trying to: * find an encoding missmatch between some command check/sanitization code and the rest of the program, allowing to smuggle the ASCII version of the existing command separators in the second byte of a wide char (for a moment I believed I had it in the StripQ

V0lCk3r (@ourahali) / X

Indirect Command Execution: Defense Evasion (T1202) - Hacking Articles

ULPT: if your school gives you laptops but doesn't let you change or download anything on them, hold down the power button a few times, then use repair mode to reset windows

Cmd Hijack - a command/argument confusion with path traversal in cmd.exe

0xdf hacks stuff CTF solutions, malware analysis, home lab development

Vulnerability Summary for the Week of August 8, 2022

0xdf hacks stuff CTF solutions, malware analysis, home lab development

Top 11 exploited vulnerabilities for initial access and compromise in '22, by Winter_Soldiers

PowerShell may spoil command-line arguments when running external programs – Event Log Explorer blog

Cmd Hijack - a command/argument confusion with path traversal in cmd.exe