Last year, I discovered a binary bug in the AdGuard driver. Its ID in the National Vulnerability Database is CVE-2022-45770. I was disassembling the ad blocker and found a way to use the identified vulnerability for local privilege escalation. As a bonus, this article gives insight into the low-level Windows structure.

In penetration testing, there’s a world of difference between reconnaissance (recon) and data collection (enum). Recon involves passive actions; while enum, active ones. During recon, you use only open sources (OSINT), and the target system is not affected in any way (i.e. all actions are performed anonymously). By contrast, at the enumeration (data collection) stage, you interact with the target. This article discusses the data collection stage as an integral component of any pentesting study.

In this article, I’ll show how to modify a standalone Python interpreter so that you can load malicious dependencies directly into memory using the Pyramid tool (not to be confused with the web framework of the same name). Potentially, this enables you to evade antivirus protection in pentesting studies and conceal a suspicious telemetry source from EDR in the course of Red Team operations.