How To Pass OSCP Series: Windows Privilege Escalation Step-by-Step Guide

Overview This book is the first of a series of How To Pass OSCP books and focus on techniques used in Windows Privilege Escalation. This is a step-by-step guide that walks you through the whole process of how to escalate privilege in Windows environment using many common techniques. We start by gathering as much information about the target as possible either manually or using automated scripts. Next, we search for misconfigured services or scheduled tasks, insufficient file permission on binaries or services, vulnerable kernel, vulnerable software running with high privileges, sensitive information stored on local files, credential saved in the memory, registry settings that always elevate privileges before executing a binary, hard-coded credential contained in the application configuration files, and many more. Who this book is for? If you are a cybersecurity professional who wants to be certified as an Offensive Security Certified Professional (OSCP), then this book is for you. It is also for those who want to learn about offensive security, Windows security and configuration, and penetration testing. Since everyone's background and experience are different, the author wrote this book in the way that you can pick any chapter that sounds interesting to you and flip to it, rather than starting at the very beginning. Table of Contents Introduction Section One: Windows Configuration Chapter 1: AlwaysInstallElevated Section Two: Domain Controller Chapter 2: Zerologon Section Three: Windows Service Chapter 3: Service - Insecure File Permission Chapter 4: Service - Unquoted Path Chapter 5: Service - Bin Path Chapter 6: Service - Registry Chapter 7: Service - DLL Hijacking Section Four: Scheduled Tasks Chapter 8: Scheduled Tasks Section Five: Windows Registry Chapter 9: Autorun Chapter 10: Startup Applications Section Six: Windows Kernel Chapter 11: Kernel - EternalBlue Chapter 12: Kernel - MS15-051 Chapter 13: Kernel - MS14-058 Section Seven: Potato Exploits Chapter 14: Juicy Potato Chapter 15: Rogue Potato Section Eight: Password Mining Chapter 16: Password Mining - Memory Chapter 17: Password Mining - Registry Chapter 18: Password Mining - SiteList Chapter 19: Password Mining - Unattended Chapter 20: Password Mining - Web.config Section Nine: UAC Bypass Chapter 21: User Account Control Bypass About the author Alan Wang has over 20 years of experience in IT security and developing standardized methodologies for the enterprise to drive business enabling cybersecurity programs and promote industry standards and risk-based investments to maximize business opportunity and minimize risk. He created a Digital Risk platform that enables enterprises across industries to manage business and cyber risks based on a foundation of good governance as well as risk optimization. Throughout his career, he also conducts and directs information security risk assessment efforts as well as provides risk assessment expertise on complex systems. For more information, please visit www.howtopassoscp.com.