https://www.zdnet.com/article/researcher-finds-simple-way-of-backdooring-windows-pcs-and-nobody-notices-for-ten-months/
By Catalin Cimpanu
Zero Day
ZDNet
October 17, 2018
A security researcher from Colombia has found a way of gaining admin
rights and boot persistence on Windows PCs that's simple to execute and
hard to stop -- all the features that hackers and malware authors are
looking for from an exploitation technique.
What's more surprising is that the technique was first detailed way back
in December 2017, but despite its numerous benefits and ease of
exploitation, it has neither received media coverage nor been seen
employed in malware campaigns.
Discovered by Sebastián Castro, a security researcher for CSL, the
technique targets one of the parameters of Windows user accounts known as
the Relative Identifier (RID).
The RID is a code added at the end of account security identifiers (SIDs)
that describes that user's permissions group. There are several RIDs
available, but the most common ones are 501 for the standard guest
account, and 500 for admin accounts.
[...]
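
Added example, not part of the ZDNet article or of the researcher's work: a
small Python parser that shows where the RID sits inside a binary SID and
labels the two RIDs the article names. The helper names and the sample
domain sub-authority values are constructed for illustration.

```python
import struct

# The two RIDs named in the article; anything else is left unlabelled.
WELL_KNOWN_RIDS = {500: "admin account", 501: "standard guest account"}


def parse_sid(raw: bytes) -> str:
    """Decode a binary Windows SID into its S-R-A-S1-...-RID string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > 15:
        raise ValueError("SID has more than 15 sub-authorities")
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    # Identifier authority: 48-bit big-endian integer.
    authority = int.from_bytes(raw[2:8], "big")
    # Sub-authorities: 32-bit little-endian integers; the last one is the RID.
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def rid_of(sid: str) -> int:
    """Return the RID, i.e. the final sub-authority of a SID string."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError(f"not a SID with a RID: {sid!r}")
    return int(parts[-1])


def describe(sid: str) -> str:
    rid = rid_of(sid)
    return f"{sid}: RID {rid} ({WELL_KNOWN_RIDS.get(rid, 'other account')})"


def build_sample(rid: int) -> bytes:
    """Constructed sample SID; the three machine sub-authorities are made up."""
    subs = (21, 1111111111, 2222222222, 3333333333, rid)
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<5I", *subs)


if __name__ == "__main__":
    for sample_rid in (500, 501, 1001):
        print(describe(parse_sid(build_sample(sample_rid))))
```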