Because a nice digital tools foo is always a good thing, the folks at SANS have a neat trick to bypass UAC with psExec and Metasploit.

During a recent penetration test, we were trying to figure out how to bypass UAC on a fully patched Windows environment, given that we'd had a limited compromise of one system via phishing. I'd like to share the technique we came up with so you can apply it in your own work.