4 matches found
PT-2023-32956 · Undefined · Undefined
ParsedReport CompletenessHigh 10-07-2023 The five-day job: A BlackByte ransomware intrusion case study https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study Report completeness: High Actors/Campaigns: Volt typhoon motivation: cyber...
CVE-2019-16098
creationtimestamp| type| source ---|---|--- 2022-10-06 17:35:04+00:00| exploited| https://t.me/truesecator/3524 2024-05-21 13:04:44+00:00| seen| MISP/a9eb9e8e-d894-4f36-a6c2-ca8142f72d29 2025-08-31 03:00:54+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d 2026-02-06 21:11:55+00:00| seen|...
EDRSandblast - Tool That Weaponize A Vulnerable Signed Driver To Bypass EDR Detections And LSASS Protections
EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections Kernel callbacks and ETW TI provider and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring. As of release, combination of userland...
CVE-2019-16098
CVE-2019-16098 affects the Micro‑Star MSI Afterburner driver (RTCore64.sys/RTCore32.sys). The connected documents confirm an arbitrary read/write primitive in the vulnerable driver that allows a local authenticated user to read/write arbitrary memory, I/O ports and MSRs, enabling privilege escala...