This script aims to enumerate common Windows configuration issues that can be leveraged for local privilege escalation. It also gathers various information that might be useful for exploitation and/or post-exploitation.
3️⃣ Tool: WES-NG: Windows Exploit Suggester - Next Generation
WES-NG is a tool based on the output of Windows' systeminfo utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities.
RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running (default on Win10, not Win Server 2019).
JSON Web Tokens, also known as JWTs, is one of the most commonly used mechanisms to authenticate an entity. A JSON Web Token has 3 main components - header, payload and a signature.
🔴 What does each component do?
The first two components, i.e. the header and the payload have a defined structure and purpose whereas the signature is dependent on the algorithm that's used for encrypting the token. In cases where there's no encryption, this field is omitted.
The imposter syndrome is the belief that your achievements at work are unworthy of you and that you will eventually be revealed as a fraud. Imposter syndrome sufferers believe it is detrimental to their achievement.
However, the actions that "imposters" do to make up for their self-doubt might improve their performance at work and inspire them to exceed their counterparts who are not imposters in terms of interpersonal skills.
People who are overworked and stressed out usually destroy their work-life balance by bringing work home with them or worrying excessively about unfinished tasks, which causes stress.
People who are constantly busy feel squeezed for time and stressed out, which reduces their attention and cognitive capacity.