%systemroot% windows 10

broken image

In our last post on this topic, we have demonstrated that changing a location referred to by environment variables can divert file operations from a legitimate path to a possibly malicious one.

broken image

This is a continuation of our research as described in a previous post: Elastic Boundaries – Elevating Privileges by Environment Variables Expansion. This code leverages a rather unusual scenario within Windows OS. They and can also be used to bypass UAC, allowing an attacker with limited privileges to take complete control of the a system.

broken image

Windows environment variables can be used to run commands. A FortiGuard Labs Threat Analysis Report : This blog originally appeared on the enSilo website on November 24, 2016, and is republished here for threat research purposes. enSilo was acquired by Fortinet in October 2019.

 

PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save