Registry

Abusing AlwaysInstallElevated for Windows Privilege Escalation

How a misconfigured AlwaysInstallElevated policy lets a low-privileged user run a malicious MSI as SYSTEM, plus detection and defense.

Windows Privesc

Abusing Registry Autoruns for Windows Persistence and Privilege Escalation

How attackers abuse writable Run keys and other autorun locations for persistence and privesc, plus how blue teams detect it.

Windows Privesc