SeImpersonatePrivilege Exploitation

Hi and welcome to this new video! In this video we continue the "Windows Privilege Escalation" series. Specifically, in this video we analyze an exploitation technique which can be used anytime we find a user with the SeImpersonatePrivilege and which allows to obtain administrator code execution. I hope you find it helpful, and I would appreciate if you leave your feedback down in the comments, and share this series with like-minded people. Thank you very much! ------------------------- TIMESTAMP 00:00 Introduction 01:05 Setup 04:01 On SeImpersonatePrivilege 06:55 Exploitation 14:30 Conclusion ------------------------- REFERENCES - Material: https://github.com/LeonardoE95/yt-en/tree/main/src/TBD-windows-privesc-windows-impersonate-privilege - MS doc: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/seimpersonateprivilege-secreateglobalprivilege - Origin of Rotten Potato: https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/ - SeImpersonatePrivilege: https://juggernaut-sec.com/seimpersonateprivilege/ - PrintSpoofer: https://github.com/itm4n/PrintSpoofer - GodPotato: https://github.com/BeichenDream/GodPotato ------------------------- CONTACTS - Blog: https://blog.leonardotamiano.xyz/ - Github: https://github.com/LeonardoE95?tab=repositories - Support: https://www.paypal.com/donate/?hosted_button_id=T49GUPRXALYTQ