All posts by John Goodridge

Taking COMmand of your Privileges

Least privilege was first put forward as a design principle by Jerry Saltzer and Mike Schroeder 40 years ago [1]. Avecto, along with many others, has championed least privilege, and our "5 reasons to love least privilege" shows that it is key to mitigating attacks.



Path of enlightenment part 2 – Taking tasks to task

As discussed in my last blog, the issue of unquoted paths for services has been around for over 15 years. Despite this, there is another potential privilege escalation with unquoted paths that doesn't get as much coverage: Scheduled Tasks.



Path of enlightenment part 1

A potential privilege escalation around unquoted service paths has been around for over fifteen years now, but it still continues to catch people out.
