This chapter will teach you about Windows Access Control and how to find instances of misconfigured access control that are exploitable for local privilege escalation. We cover the following topics:
• Why access control is interesting to a hacker
• How Windows Access Control works
• Tools for analyzing access control configurations
• Special SIDs, special access, and “access denied”
• Analyzing access control for elevation of privilege
• Attack patterns for each interesting object type
• What other object types are out there?
Access control is the science of protecting things. Finding vulnerabilities in poorly implemented access control ...