When trying to identify a breakout method that will bypass the system protections, it is important to look at all the installed software to identify any with known vulnerabilities, or common issues. The best way to lock down a computer is to remove all unnecessary software to ensure it cannot add to the attack surface.

A good demonstration of why this is important is a known issue that can be used to leverage MS Paint, to get a command prompt. This is due to the encoding algorithm used to create a BMP file (one of the supported file formats used by Paint)

To trigger this issue, a 6x1 pixel image needs to be created with the following colours

· 1st: R: 10, G: 0, B: 0

· 2nd: R: 13, G: 10, B: 13

· 3rd: R: 100, G: 109, B: 99

· 4th: R: 120, G: 101, B: 46

· 5th: R: 0, G: 0, B: 101

· 6th: R: 0, G: 0, B: 0

This is then saved in the 24-bit Bitmap format

Once saved, the extension is changed to a .bat and this file is executed as a batch file

‍