Registry Exploitation Techniques

Windows registry-based privilege escalation often involves misconfigured keys that low-privileged users can modify to execute malicious commands or binaries with elevated privileges. Two common attack paths are:

  • AlwaysInstallElevated - A setting that, if enabled in both machine and user scope, allows MSI packages to be installed with SYSTEM privileges.

  • Autorun Keys - Persistent registry keys that execute binaries during user logon or system startup.
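A read-only audit for both conditions, added here as an example and not part of the original page. The registry paths and well-known SIDs are the standard Windows ones, which the page itself does not name; the function names are hypothetical.

```powershell
# Added audit example (not from the original page). Read-only: modifies nothing.

function Test-AlwaysInstallElevated {
    # The policy only takes effect when the value is 1 in BOTH scopes.
    # HKCU reflects the user running the script; repeat per user if needed.
    $paths = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer',
             'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Installer'
    $enabled = foreach ($p in $paths) {
        $v = Get-ItemProperty -Path $p -Name AlwaysInstallElevated -ErrorAction SilentlyContinue
        [bool]($v -and $v.AlwaysInstallElevated -eq 1)
    }
    [pscustomobject]@{
        MachineScope = $enabled[0]
        UserScope    = $enabled[1]
        Effective    = ($enabled[0] -and $enabled[1])
    }
}

function Get-WeakAutorunKeyAcl {
    # Machine-wide autorun keys that should be writable by administrators only.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    # Everyone, Authenticated Users, BUILTIN\Users
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    # Only bits that permit modification. WriteKey and FullControl are left out
    # on purpose: they share bits with ReadKey and would match read-only ACEs.
    $writeMask = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, ChangePermissions, TakeOwnership'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $rules = (Get-Acl -Path $k).GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $broadSids -contains $ace.IdentityReference.Value -and
                ($ace.RegistryRights -band $writeMask)) {
                [pscustomobject]@{
                    Key    = $k
                    Sid    = $ace.IdentityReference.Value
                    Rights = $ace.RegistryRights
                }
            }
        }
    }
}

Test-AlwaysInstallElevated
Get-WeakAutorunKeyAcl    # no output means no broad write ACEs were found
```

ACEs expressed as generic rights (for example GENERIC_ALL) do not map onto these enum bits and need a separate review of the raw access mask.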
