diff --git a/README.md b/README.md new file mode 100644 index 0000000..c1d490e --- /dev/null +++ b/README.md @@ -0,0 +1,35 @@ +# PoC — SAS Desktop DoS via UAC Spoofing + +A Windows proof-of-concept that demonstrates how a hidden UAC elevation prompt can be used to block the Secure Attention Sequence (SAS) while a rapid desktop-switching loop prevents the user from regaining control of their session. + +> **Disclaimer:** For authorised security research and CTF use only. Do not run against systems you do not own or have explicit written permission to test. + +--- + +## What It Does + +1. Creates a shadow desktop invisible to the user and fires a UAC elevation prompt on it. Windows holds the SAS lock for the duration of the pending prompt, meaning Ctrl+Alt+Del and the secure desktop are blocked. + +2. Rapidly switches between the shadow desktop and the default desktop at full CPU speed. This thrashes the display pipeline and prevents the system from stabilising — without the UAC lock the user could recover, but with it there is no escape route left to recover into. + +3. Installs a system-wide low-level keyboard hook that swallows all input. The only key that passes through is Escape, which tears everything down cleanly. + +4. Plays a fullscreen looping video and pins an overlay to the bottom of the screen showing "Press Escape to Quit". + +The UAC is the lock. The desktop switching is the hammer. Together they make the session unrecoverable without pressing Escape. + +--- + +## Requirements + +- Windows 10 / 11 +- Python 3.x (no third-party packages) +- Optional: mpv or VLC for the video payload + +## Running + +``` +python poc_sas_dos.py +``` + +Press **Escape** to exit cleanly.