TL;DR: Abusing enabled token privileges through a kernel exploit to gain EoP 
won't be enough anymore, as from NT kernel version 10.0.15063 they are 'checked' 
against the privileges present in the token of the calling process. So you will 
need two writes.


URL: 
http://www.anti-reversing.com/ntoskrnl-v10-0563_nt_sep_token_privileges-single-write-eop-protect/


kyREcon

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
