- mock-trusted-directories - bypasses UAC by using a fake trusted directory.
- windir-with-silentcleanup-task - bypasses UAC by mocking the
WinDirenvironment variable, and using theSilentCleanuptask.
All of these POCs execute cmd.exe by default.
WinDir environment variable, and using the SilentCleanup task.All of these POCs execute cmd.exe by default.