Bypass User Account Control in Windows 10

A new method that allows you to track applications to control access to accounts (UAC) in Windows 10, described in detail security security by Matt Nelson.

Over the past few months, Nelson has described in detail the exit technique, which is very different from previous devices, the new method “does not rely on the IFileOperation / DLL hijacking approach.” Because Microsoft binary files automatically increase due to their manifest, the researcher decided to study the problem with the sdclt.exe tool associated with the “Backup and Restore” tool in Windows.

In his post, Pierluigi Paganini described the study of Matt Nelson. However, one thing that this method does not take into account, however, are the parameters, which means that the attacker must put the payload on the disk. In addition, the expert published the PoC script to demonstrate this method, he explained that the attack can be prevented by setting the level of account control “Always notify” or by removing the current user from the “Local Administrators” group.

More.

DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.