# PoC — SAS Desktop DoS via UAC Spoofing A Windows proof-of-concept that demonstrates how a hidden UAC elevation prompt can be used to block the Secure Attention Sequence (SAS) while a rapid desktop-switching loop prevents the user from regaining control of their session. > **Disclaimer:** For authorised security research and CTF use only. Do not run against systems you do not own or have explicit written permission to test. --- ## What It Does 1. Creates a shadow desktop invisible to the user and fires a UAC elevation prompt on it. Windows holds the SAS lock for the duration of the pending prompt, meaning Ctrl+Alt+Del and the secure desktop are blocked. 2. Rapidly switches between the shadow desktop and the default desktop at full CPU speed. This thrashes the display pipeline and prevents the system from stabilising — without the UAC lock the user could recover, but with it there is no escape route left to recover into. 3. Installs a system-wide low-level keyboard hook that swallows all input. The only key that passes through is Escape, which tears everything down cleanly. 4. Plays a fullscreen looping video and pins an overlay to the bottom of the screen showing "Press Escape to Quit". The UAC is the lock. The desktop switching is the hammer. Together they make the session unrecoverable without pressing Escape. --- ## Requirements - Windows 10 / 11 - Python 3.x (no third-party packages) - Optional: mpv or VLC for the video payload ## Running ``` python poc_sas_dos.py ``` Press **Escape** to exit cleanly.