Whenever I have a chance, I use my time diving into Windows internal binaries to uncover hidden functionality. This blog post is dedicated to things I have discovered with the CMSTP.exe binary file. I found a UAC bypass using sendkeys and a way to load DLL files from a WebDAV server. I know the bypass I … Continue reading Research on CMSTP.exe
Month: August 2017
Bypassing Device guard UMCI using CHM – CVE-2017-8625
TL;DR You could/can bypass Device Guard user mode code integrity with a custom CHM and execute code. For the last 6 months I have done some security research in my (little) spare time, because I find that very interesting. During this time, I was lucky enough to find another valid Device Guard UMCI bypass (I found …