From 48071cd17e70f6855bcb6795a8f6edaea3550966 Mon Sep 17 00:00:00 2001
From: Rob Fuller <679319+mubix@users.noreply.github.com>
Date: Thu, 8 Jul 2021 01:56:17 -0400
Subject: [PATCH] Small typo
`ftlMC` -> `fltMC`
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 14ae980..57eab01 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ Feel free to contribute and/or discuss presented ideas.
|`SeIncreaseBasePriority`| Availability | ***Built-in commands*** | `start /realtime SomeCpuIntensiveApp.exe` | May be more interesting on servers. |
|`SeIncreaseQuota`| Availability | 3rd party tool | Change cpu, memory, and cache limits to some values making the OS unbootable. | - Quotas are not checked in the safe mode, which makes repair relatively easy.
- The same privilege is used for managing registry quotas. |
|`SeIncreaseWorkingSet`| None | - | - | Privilege held by everyone. Checked when calling fine-tuning memory management functions. |
-|`SeLoadDriver`| ***Admin*** | 3rd party tool | 1. Load buggy kernel driver such as `szkg64.sys`
2. Exploit the driver vulnerability
Alternatively, the privilege may be used to unload security-related drivers with `ftlMC` builtin command. i.e.: `fltMC sysmondrv` | 1. The `szkg64` vulnerability is listed as [CVE-2018-15732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15732)
2. The `szkg64` [exploit code](https://www.greyhathacker.net/?p=1025) was created by [Parvez Anwar](https://twitter.com/parvezghh) |
+|`SeLoadDriver`| ***Admin*** | 3rd party tool | 1. Load buggy kernel driver such as `szkg64.sys`
2. Exploit the driver vulnerability
Alternatively, the privilege may be used to unload security-related drivers with `fltMC` builtin command. i.e.: `fltMC sysmondrv` | 1. The `szkg64` vulnerability is listed as [CVE-2018-15732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15732)
2. The `szkg64` [exploit code](https://www.greyhathacker.net/?p=1025) was created by [Parvez Anwar](https://twitter.com/parvezghh) |
|`SeLockMemory`| Availability | 3rd party tool | Starve System memory partition by moving pages. | PoC published by [Walied Assar (@waleedassar)](https://twitter.com/waleedassar/status/1296689615139676160) |
|`SeMachineAccount`| None | - | - |The privilege is not used in the Windows OS. |
|`SeManageVolume`| ***Admin*** | 3rd party tool | 1. Enable the privilege in the token
2. Create handle to \\.\C: with `SYNCHRONIZE \| FILE_TRAVERSE`
3. Send the `FSCTL_SD_GLOBAL_CHANGE` to replace `S-1-5-32-544` with `S-1-5-32-545`
4. Overwrite utilman.exe etc. | `FSCTL_SD_GLOBAL_CHANGE` can be made with this [piece of code](https://github.com/gtworek/PSBits/blob/master/Misc/FSCTL_SD_GLOBAL_CHANGE.c). |
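Review bot: The correction in the `SeLoadDriver` row is right and minimal, matching the diffstat (one insertion, one deletion): the prose `ftlMC` now agrees with the example invocation `fltMC sysmondrv`, which was already spelled correctly, and `fltmc` is the actual name of the Filter Manager control tool. Two small wording points while this row is open: "i.e.:" should be "e.g.:", since `fltMC sysmondrv` is one example of unloading a security-related minifilter rather than a restatement, and "builtin command" would read better as "built-in tool", since `fltmc.exe` is a separate System32 executable rather than a cmd.exe builtin, which also keeps it consistent with the `***Built-in commands***` label used in the `SeIncreaseBasePriority` row above.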