ElevatedEvents EventViewer UAC bypass via .NET Deserializat | HackGit

ElevatedEvents

EventViewer UAC bypass via .NET Deserialization discovered by @OrangeTsai, made into a Reflective DLL for use with Cobalt Strike.

Supports direct execution of executables and doesn't rely on spawning cmd.exe through mmc.exe as shown in the original POC. However, because of this, command arguments are not supported.

As this UAC bypass is currently detected by Defender, a simple bypass is utilized that renames the file back to the original after it is created to avoid detection.

https://github.com/jsecu/ElevatedEvents

@HackGit
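A defender-side example, added here and not taken from the ElevatedEvents repository: because the tool runs executables directly instead of going through cmd.exe, a process-creation rule keyed on cmd.exe under mmc.exe misses it, while a rule keyed on any elevated child of the Event Viewer snap-in host does not. It assumes the launched executable still appears as a child of the mmc.exe hosting eventvwr.msc; field names follow Sysmon Event ID 1, and the records, paths and the `allowed_children` parameter are constructed for illustration.

```python
import ntpath

# Constructed sample records; field names follow Sysmon Event ID 1 (process creation).
FIELDS = ("Image", "ParentImage", "ParentCommandLine", "IntegrityLevel")
MMC = r"C:\Windows\System32\mmc.exe"
EVTVWR_CMDLINE = r'"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc" /s'
ROWS = [
    # Child process as in the original POC: cmd.exe under the snap-in host.
    (r"C:\Windows\System32\cmd.exe", MMC, EVTVWR_CMDLINE, "High"),
    # Directly executed binary (constructed path), no cmd.exe involved.
    (r"C:\Users\Public\sample.exe", MMC, EVTVWR_CMDLINE, "High"),
    # A different snap-in: out of scope for this rule.
    (r"C:\Windows\System32\notepad.exe", MMC,
     r'"C:\Windows\system32\mmc.exe" services.msc', "High"),
    # Normal start of Event Viewer: eventvwr.exe launching mmc.exe.
    (MMC, r"C:\Windows\System32\eventvwr.exe",
     r'"C:\Windows\System32\eventvwr.exe"', "High"),
]
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in ROWS]


def _base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def is_suspicious(event, allowed_children=frozenset()):
    """True for an elevated child of mmc.exe that is hosting eventvwr.msc."""
    if _base(event.get("ParentImage", "")) != "mmc.exe":
        return False
    if "eventvwr.msc" not in event.get("ParentCommandLine", "").lower():
        return False
    if event.get("IntegrityLevel", "").lower() not in ("high", "system"):
        return False
    # allowed_children is a hypothetical site-specific allowlist of file names.
    return _base(event.get("Image", "")) not in allowed_children


def cmd_only_rule(event):
    """Narrow rule that only matches the original POC's cmd.exe child."""
    return is_suspicious(event) and _base(event["Image"]) == "cmd.exe"


def triage(events, rule=is_suspicious):
    """Return the Image paths of all events matched by the given rule."""
    return [e["Image"] for e in events if rule(e)]
```
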