windows 10 – Run as a different user, but ONLY for some explicitly allowed programs

On my Windows 10 system, Alice is developer / administrator and Bob is a standard user. Alice has written a set of programs that Bob can use (.bat files and / or shortcuts that work py files in python.exe). When Bob double-clicks these programs, they must run using Alice's file system permissions (or any other privileged user), without Bob needing to know the password for the program. that other user, or even perform something special beyond that initial double-click. But at the same time, Bob should not be allowed to execute anything other as a different user.

Here is a minimal example of the program I want to run, let's call it WhiteHat.bat:

:: this is WhiteHat.bat
@echo User% 1 runs this program as% USERNAME%

All my research so far has shown run like. So, for example, Alice prepares the following file in the same folder as WhiteHat.bat:

:: it's RunWhiteHatAsAlice.bat
@runas / noprofile / user:% COMPUTERNAME%  Alice / savecred "% ~ dp0WhiteHat.bat "% USERNAME%  ""

The first time Bob double-clicks RunWhiteHatAsAlice.batAlice is here to type her password. Subsequently, Bob can double-click on it without Alice's presence and he will see:

The user Bob runs this program under the name of Alice

Until here everything is fine. But the problem is that Bob now seems to have permission to do it no matter what like Alice. When he writes the following two files in his own home directory:

:: it is BlackHat.bat
@echo user% 1 deletes all files as% username%


:: this is RunBlackHatAsAlice.bat
@runas / noprofile / user:% COMPUTERNAME%  Alice / savecred "% ~ dp0BlackHat.bat "% USERNAME%  ""

He seems to be able to use the saved identity information, which Alice had to use only to execute WhiteHat.bat, to also execute any arbitrary code in BlackHat.bat.

I guess so run like Is not the way to do what I want? Unless I have somehow missed the part of his documentation that explains how to limit the scope of what a user is allowed to do with registered identity information. What is the proper way to do this?

c – Is it possible to exchange programs displayed in stdout?

I would like to write a program in C that forks then execs three different processes.

Then two of the programs will be suspended and only one of the three will be broadcast to the public. stdout. It is possible to later suspend the running process on stdout, resume one of the other suspended processes and display it on stdout instead of?

csv – What are some examples of injection attacks in databases that abuse common programs other than SQL?

Excel is a very popular and popular program that contains a vulnerability to CSV injection attacks.

To start: Excel (and other spreadsheets), try to be smart. If an element of a CSV file begins with a +, -, @, or =, it will be interpreted as a formula.

Ok, that's not too bad. What damage can an attacker do with a formula?

S & P, a little. Excel has a feature called dynamic data exchange, which allows it to communicate with other parts of the computer.

One of these pieces is the command prompt, which allows a malicious attacker to execute arbitrary code on the machine.

An example of this (I do not find the article so far), according to which the Dutch police managed to seize a dark website that was selling drugs and replaced the file .txt transaction history by a transaction history .csv file, including a CSV file injection to "phone home" once the user has opened the file.

CSV injection attacks are not particularly new, and the following link describes some methods to prevent them: Link

Of course, Excel is only one of the vulnerable platforms, and it raises problems when it notices a CSV attack. Google Sheets is another common spreadsheet software. The attacks on their platform run immediately without any warning.

Further reading

Cryptomonsoon – – Hybrid Programs

Registration link: Cryptomonsoon

Launch date: pre-launch

Get paid in CMN token supported by our internal exchange

Share 75% of our income with our members

100 free CMN tokens for the first 2000 members


Adpack: Stacking Adpack, Adpack 40 $

Earn up to 130% by Adpack

Holding coins to multiply your income

Earn free coins by being our free member

Most sustainable business structure for long-term investors

Commission of reference 3 deep levels for ICO and Adpacks


Stable USD supported token

Several ad packages

Projects worth one billion dollars moving in the front line

Internal exchange

Stable revenue sharing

Effective and quality traffic

Affordable advertising packages

Detailed analysis for advertisers

Payment Methods: Bitcoin, Perfect money, ETH, Payeer


EXP Asset – – Hybrid Programs

728x90_ENG.jpg "class =" ipsImage "height =" 90 "src =" "width =" 728 "/>
<p style=

EXP-ASSET is a company engaged in the generation of financial market transactions, cryptocurrency and arbitrage. In addition, EXP-ASSET invests in start-up projects. The company is registered in the United Kingdom under number 10743547.

The company generates transactions on regulated markets 5 days a week and in non-regulated markets 7 days a week. Investment profits are paid to user profiles as long as this continues. Every investment can involve a risk. Their competence, however, is to minimize it and to ensure financial liquidity. Consequently, in the event of cryptocurrency or other activities being banned, EXP-ASSET has the equipment necessary for the sale, which will cover the sums paid.

To become a member, simply fill out the registration form and confirm your email address. Then you can connect to the system. However, it is not allowed to have more than one account.

EXP-ASSET offers educational packages ranging from $ 100 to $ 1,000,000. See this presentation for more information. To make a payment, funds must be paid via BitCoin. The expected rate of return is on average 1% per day. The profits are accumulated every 24 hours for each package individually.

EXP-ASSET offers an excellent affiliate opportunity. To be eligible for the affiliate system, you must have at least $ 100 of educational package. PV points are accumulated in your organization. When you qualify (invite 2 active users, one at the top and one at the bottom), you can get a binary bonus (10% from the lowest leg). If you have a package of $ 1000 or more, you can receive a direct bonus of 8%.

468x60_ENG.jpg "class =" ipsImage "height =" 60 "src =" "width =" 468 "/>
<p style=

EXP-ASSET offers users two affiliate programs: PLAN and MATRIX


DIRECT BONUS (8% from the purchase of your direct reference) You receive this 8% with each purchase by direct reference and purchase of a package.This bonus is paid instantly to your wallet.

BINARY SYSTEM (10% of the PV points accumulated on a weaker leg, this bonus is paid instantly to your wallet).


1. INFINITI Q70 luxury car or INFINITI QX70 luxury car
When you accumulate $ 750,000 (750,000 PV) on a lower line, you get an INFINITI Q70 or INFINITI QX70 luxury car. To qualify, you must have a minimum plan of $ 15,000.

2. INFINITI Q50 luxury car
When you accumulate $ 500,000 on a lower line, you get the INFINITI Q50 luxury car. To qualify, you must have a minimum plan of $ 10,000.

When you accumulate $ 300,000 (300,000 PV) on a lower line, you get Rolex Submariner or Breitling Navitimer 01. To be eligible, you must have a minimum package of $ 5,000.

When you accumulate $ 150,000 (150,000 PV) on a less efficient line, you get an all-inclusive trip for two people. To qualify, you must have a minimum plan of $ 2,000.

5. iPhone 7
When you accumulate $ 75,000 (75,000 PV) on a lower line, you get an iPhone7. To qualify, you must have a minimum plan of $ 1,000.

When you accumulate $ 25,000 (25,000 HP) on a lower line, you receive EXP-GIFTS (the original Exp Asset Ltd. gifts directly at the specified address). To qualify, you must have a minimum plan of $ 500.

NOTE: Prices are mandatory. When you get enough points to win the prize, you must receive it. Once you get the prize, points are awarded. After the color, the points accumulate again to allow you to win the next prize. If you do not want the price, you can get a dollar value of the US dollar price on your portfolio. If you wish, send an e-mail to EXP-ASSET support. You will get% of the prize money value.


BONUS MATRIX – 5% off each purchase (all people: direct and spillovers) in each of your dice up to 10 levels deep. See the potential here.

50% VIP BONUS (Exclusive for M1000 owners – Receive 50% of all Matrix bonuses from each of your directly invited friends).

468x60_ENG.jpg "class =" ipsImage "height =" 60 "src =" "width =" 468 "/>
<p>The minimum amount you can withdraw is $ 100. In addition, there is a fund limit that you can withdraw per day. This limit only applies to the binary structure:<br />– When you accumulate less than $ 3,000,000 on the lowest line of your binary tree, you can withdraw a maximum of $ 2,000 per day.<br />– When you accumulate more than $ 3,000,000 on the lowest line of your binary tree, you can withdraw a maximum of $ 3,000 per day.
<p>A one-time payment of $ 5 is charged for each payment.
<p style=

Withdrawals are automatic and require no manual confirmation. Payments are ordered upon withdrawal of payment. The waiting time depends on the number of BTC confirmations. This usually lasts a few seconds to a few minutes.

In general, payments can be paid on any day. The financial benefits are paid to the portfolio from which funds can be paid at the end of the cycle. A cycle is a work week. Funds can be withdrawn at any time. Also on weekends.

A profit portfolio shows the financial benefits generated (about 1% calculated on the value of your package for 120 days). Every Friday, the funds in your profit portfolio are automatically transferred to your portfolio. You can withdraw funds only from your wallet.

The wallet is a place where you withdraw money. Every Friday, funds raised on Profit Wallet are transferred to the Wallet. This means that you can withdraw your daily return of 1% every Friday from Wallet. The goal of Wallet is also to instantly collect binary and direct bonuses. Whenever you receive a binary bonus and / or a direct bonus, your wallet is endowed with an appropriate amount (10% of Binary's least important leg and / or 8% of the direct bonus).

The depots show your active packets. Date of purchase, daily yield and amount already paid. In the Withdrawals tab, you can view the history of your withdrawals, the amount and the date they were made. You can withdraw funds from your wallet at any time. The financial benefits generated for users are paid into the profit portfolio from which the funds are automatically paid into the portfolio. Binary and direct bonuses are paid directly to Wallet instantly. Please note that there is a $ 4 charge for each withdrawal.

728x90_ENG.jpg "class =" ipsImage "height =" 90 "src =" "width =" 728 "/>
<div data-id=

Cryptomonsoon | The revolutionary advertising platform | New Revshare – Hybrid Programs


SuccessMastermind is designed to help you succeed, see why:

MySuccessMastermind is a totally passive income opportunity.

Earn $ 500 by marketing the site.

EVERYONE GETS A FREE $ 10 BONUS to start, the cost of two successful packs !!!

You do not expect ages to be paid. You pay in real time every 12 hours.

October 21, 2018

Membership: free

Adpack price: only $ 5 and pays 135%, 165% and 201% at the expiry.

Receive advertising credits on every successful package you buy.

No reference, no navigation and no subscription required to win a dedicated 24/7 support team

Fully secured site with an honest and experienced management team

ALL withdrawals are paid instantly !! to any processor of your choice, using the internal exchange service

Receive a $ 10 sign-up bonus

Earn up to 16% Ref. Com 3 depth levels: 8%, 5% and 3%

Get quality traffic on your website

Professional customer support 24 hours a day, 7 days a week via email, social media, live chat and more !!

Accepted Payments: Perfect Money, Payee, Advcash, BTC, LTC, ETH

Registration link: Mysuccessmastermind


antivirus – Are there any computer programs that can scan for viruses on an Android device?

As far as I know, there is no virus reported so far that replicates itself as a PC virus, and specifically on Android, that does not exist, so, technically, there is no Android virus . But these are malicious apps that can steal your secure credentials.

As long as you install Google Playstore apps, you are safe from these malicious apps. Google analyzes the apps before letting them enter the Google Play Store, using a tool called "Bouncer" that provides automated analysis of Google Play Store for potentially malicious software without disrupting the user experience of Google Play Store or require developers to follow an application approval process. The service performs a set of analyzes on new applications, applications already in progress Google Play Store, and developer accounts.

Here's how it works: Once an application is downloaded, the service immediately starts scanning for known malware, spyware and Trojans (source: Google Mobile Blog).

There are many antivirus applications that can detect malicious applications on the PlayStore such as Avast, 360 Security, AVG, and so on.

Affiliate Programs for Electronic Magazines

I've written 10 to 15 long articles in the eMagazine about Indian politics and about downloads on a Web 2.0 blog on which I copy-pasted news from popular Indian websites, without doing backlinks with blog comments. .
Now, I want certain products to be promoted on my eMagazine and I would prefer that affiliate marketing offer banners or coupons, or just some paid product promotions to be able to place their ads in my eMagazine published in PDF format. Are there any such companies that offer …

Affiliate Programs for Electronic Magazines

macos – Hide an application for third-party uninstallation programs

Is there a way to hide an application from third-party uninstaller such as MacKeeper?

I'm using an application that blocks websites and everything I want. When its blockers are running, I configured it so that I can not uninstall the application natively. However, third-party uninstallation programs such as MacKeeper can easily uninstall the application without any problem.

So, I wonder if it is possible to hide an application to third-party Uninstallers.

Thank you to all of you.

(Hot Payment) RUB, USD, BTC, DOGE, LTC – COUNTRY PROOF 2019/01/29 – Hybrid Programs


Register here –


Min. Deposit instant payment of 100 Dogecoin (3% per day)

Min. Remove 50 Dogecoin / 10% Referral Program

All details of payment PER DAY –


Register here –


Min. Deposit 50 Dogecoin (2% Per-Days) Instant Payment

Min. Remove 50 Dogecoin / 10% Referral Program

All details of payment PER DAY –


Register here –


Min. 500 Dogecoin deposit (1.8% per day) Instant payment

Min. Remove 50 Dogecoin / 5% Referral Program

All details of payment PER DAY –


Register here –


Min. Deposit 1000 Dogecoin (1.8% Per-Days) Instant Payment

Min. Remove 100 Dogecoin / 5% Referral Program

All details of payment PER DAY –