Windows-privesc-check in a corporate environment

Windows-privesc-check is a great tool that quickly performs multiple tests on a system you may want to either audit or escalate your privileges on. I once had to run it on a system where I had no local admin rights and could not disable the Endpoint Protection suite, so I had to figure out a way around that. There are techniques to run certain files from memory and leave no files on the file system, but for the purposes of this case, that was not necessary.

So, we have to bypass certain measures that lock our station down:

  • AppLocker is in place and disallows running pretty much anything unknown,
  • No admin rights that would allow installing additional tools in the traditional sense of installing software,
  • Antivirus and EDR software that would raise an alert should a malicious file appear on the hard drive.

How to bypass them?
