Tales from the %TEMP%

The C:\Windows\Temp directory may seem like a safe place to store temporary data, but it has a few quirks that not all developers are aware of. For code running with high privileges, like Windows services, it becomes an attack surface. For attackers it is the gift that keeps on giving by exposing products to privilege escalation vulnerabilities. The talk covers (now fixed) privilege escalation vulnerabilities in Snow Inventory Agent for Windows (CVE-2018-17778) and F5 BigIP Edge Client for Windows (CVE-2021-23022). They share a common theme in that they both use C:\Windows\Temp in an insecure way

Presented at Security Fest 2023.

Speaker: Jonas Vestberg

About Jonas Vestberg

Jonas is a senior security consultant at Sentor since 2013, securing the world one reverse shell at a time. Enjoys coffee, coding, bypassing EDRs, Windows privilege escalation bugs and getting Domain Admin.

SUBSCRIBE TO OUR NEWSLETTER

Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.

Get newsletter →