access-control
2 posts tagged access-control.
-
The Integrity-Level Stack: MIC, UIPI, and Twenty Years of UAC's Quiet Plumbing
What UAC actually is beneath the consent prompt: Mandatory Integrity Control, UIPI, the split-token model, and twenty years of bypass research as proof.
-
"Can This Code Do This?" -- Twenty-Five Years of Attacks on the Windows Access-Control Model
How a single kernel function, SeAccessCheck, decides every Windows operation -- and how Mimikatz, the Potato lineage, and seventy UAC bypasses each attack one of its inputs.