CyberArk Software Ltd.
Automatic detection and protection against file system privilege escalation and manipulation vulnerabilities

Abstract:

Disclosed embodiments relate to systems and methods for dynamically identifying potential file system privilege escalation and manipulation vulnerabilities. Techniques include monitoring a file system of a computing system; detecting a privileged file operation involving the file system; determining that a target of the path is writable by a non-privileged identity; and determining whether the target of the path is a dynamic link library. If the target of the path is a dynamic link library, techniques may further include creating a semi-malicious dynamic link library. If the target of the path is not a dynamic link library, techniques may further include creating an object manager symbolic link in a protected file.