Hi,
Windows Localpotato is a flaw found in Local NTLM authentication that allows us to write any file arbitrarily on Windows Operating System. Using it along with StorSvc DLL hihacking technique paves the way to Privilege Escalation to SYSTEM user.I explained it in this video with help of TryHackMe machine.

=================
Important Links
=================
Local Potato TryHackMe Room : https://tryhackme.com/room/localpotato
Local Potato (Original Blog) : https://decoder.cloud/2023/02/13/loca...
Local Potato PoC : https://github.com/decoderit/LocalPo...
LPE via StorSvc : https://github.com/blackarrowsec/redt...


=============
Time Frames
=============
00:00 Introduction
04:53 Understanding the NTLM authentication at Higher level
12:47 What is Local Potato Vulnerability?
21:04 DLL HiJacking via StorSvc Service in Windows
27:19 Preparing the Exploits
36:53 Starting the HandsOn Previlege Escalation
44:35 Detection/Mitigation os LocalPotato and StoSvc DLL Hijacking
46:33 Conclusion



===========================
Stay Connected with Me On
===========================
Website : https://perumaljegan.com
LinkedIn :   / perumaljeganatharavia890121b2  
Twitter :   / realperumalj  

#localpotato #storsvc #privesc