Escalating privileges ....


Before I pointed at this talk which refers to this web page full of notes (look under files) which further points at other talks regarding security holes on windows machines using (mostly) items already on a standard windows install.

This one is entertaining but hard to understand because the one of the speakers talks very softly and the other loudly.

This one is facsinating, but ... the ....pauses....of.....the....speaker....drive...me....to....sleep.
I found it funny that the word insomnia is at the bottom of his slides.
Regardless he is clearly talented and knows what he's talking about and worth noting.

Most of this is a distraction from the basics.
As noted by my SANS instructor: "if you don't know what is on your network, and you don't know your patching level, [targeted] attacks are not what you need to worry about."

HOWEVER, having at least a passing knowledge of how these attacks work will help when you are doing the next base-unit build out and inventory.  (did I mention you need to inventory and baseline your base-build so you know where your starting?)