Lol “carefully crafted sequence”. This is just like back in early versions of Windows where the login screen let you open a help menu, which let you open a file picker, which let you open any file.
Windows is a pile of shit stacked way too high.
Alph4d0g@discuss.tchncs.de
on 09 Aug 04:39
nextcollapse
That sounds dangerous. I’ll keep my distance lest that pile topples.
Eh, I kinda see that point. I never considered it a boundary anyway since it didn’t require any additional authentication or authorization. It always felt more like a “here be dragons” warning for people who may not know what their doing, but if you think about it your user context never changes.
You can also up your UAC security level, so it requires your password, like most Linux distros do. This can (disregarding bypasses like this one) thwart keystroke injection attacks like that from a USB Rubber Ducky.
threaded - newest
Lol “carefully crafted sequence”. This is just like back in early versions of Windows where the login screen let you open a help menu, which let you open a file picker, which let you open any file.
Windows is a pile of shit stacked way too high.
That sounds dangerous. I’ll keep my distance lest that pile topples.
Brah, other OS’s are full of holes too.
Whataboutism
No it provides context that everything is like Swiss cheese
Microshit is just extra holey
tbh, there’s no decent OS. They all have issues.
Clearly haven’t used TempleOS. It was literally given to us by god. It’s perfect.
TIL that ResHacking a manifest is “sophisticated” lol
It is not necessary for the attack and was used to illustrate the vulnerable app manifest configuration.
Oh, I assumed they edited the manifest to enable the flags. Nvm then.
I thought so as well.
They don’t edit the manifest at all?
Lol I never knew Microsoft considers uac a convince feature not a security boundary
Then you never thought about it - at least not in relation to who was responsible for it. I mean… because who would think that but Microsoft?
Eh, I kinda see that point. I never considered it a boundary anyway since it didn’t require any additional authentication or authorization. It always felt more like a “here be dragons” warning for people who may not know what their doing, but if you think about it your user context never changes.
It has some level of additional security I think? some remote access apps have issues with them.
Yes, by default windows launches UAC prompts in the supposedly isolated “secure desktop” instead of the classical “interactive user desktop”.
You can also up your UAC security level, so it requires your password, like most Linux distros do. This can (disregarding bypasses like this one) thwart keystroke injection attacks like that from a USB Rubber Ducky.
.
Jesus Christ. that’s like the lock to your front door asking potential intruders to say “I’d like to enter please” to automatically unlock itself