In my previous post, I described how one could leverage CVE-2019-0841 to backdoor the LAPS AdmPwd.dll for EoP to NT AUTHORITY\SYSTEM. The obvious question is: if a machine is not using LAPS, what can you do…? Well, Rich Warren provided one solution, by using the Windows Diagnostics Hub Standard Collector Service.
