One shell to HANDLE them all
New approach to escalate privileges by abusing open token handles after compromising a web app
New approach to escalate privileges by abusing open token handles after compromising a web app
Turning an arbitrary file read vulnerability (CVE-2018-1685) into a full Linux host compromise, via Kerberos