Windows HTTP.SYS Kerberos PAC Verification Bypass / Privilege Escalation

The HTTP server implemented in HTTP.SYS on Windows handles authentication in a system thread which bypasses PAC verification leading to escalation of privilege.

SHA-256 | 73ffca14ecbbd49fef40fa8d7691f553f1cd6ed289aaa1f61656fcd866416f5a

Download

Source: packetstormsecurity.com