Cmd Hijack - a command/argument confusion with path traversal in cmd.exe
By a mysterious writer
Last updated 26 April 2025

This one is about an interesting behavior 🤭 I identified in cmd.exe as a result of many weeks of intermittent (private time, every now and then) research in pursuit of some new OS Command Injection attack vectors.
So I was mostly trying to:
* find an encoding mismatch between some command check/sanitization code and the rest of the program, allowing me to smuggle the ASCII version of the existing command separators in the second byte of a wide char (for a moment I believed I had it in the StripQ