ScreenConnect: Restriction Bypass for RCE
Paul Whiting
SAINTCON 2025 · Day 2 · Main Track 2
In his SAINTCON talk, "ScreenConnect: Restriction Bypass for RCE," Paul Whiting of UltraViolet Cyber detailed a novel method to achieve **remote code execution (RCE)** on ConnectWise ScreenConnect instances. The talk outlines a penetration testing engagement where an unconfigured ScreenConnect server was discovered, leading to a deep dive into its vulnerabilities. Whiting's research uncovered a critical **restriction bypass** that allowed for the execution of unsigned custom extensions, circumventing built-in security mechanisms designed to prevent such actions.