13 matches found
Bootlicker - A Generic UEFI Bootkit Used To Achieve Initial Usermode Execution
bootlicker is a legacy, extensible UEFI firmware rootkit targeting VMware hypervisor virtual machines. It is designed to achieve initial code execution within the context of the Windows kernel, regardless of the security settings configured. Architecture: bootlicker takes its design from the legacy...
EfiGuard - Disable PatchGuard And DSE At Boot Time
EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager, boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE). Features: currently supports all EFI-compatible versions of Windows x64 ever released, from Vista SP1 to Server...
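A boot-time patcher of the boot manager, boot loader and kernel, as described in the entry above, sits underneath every in-OS integrity control, so the useful defender-side check is the state of the controls that gate what the firmware will load and what the OS will enforce. The following is an added example, not code from EfiGuard or from the listed page; it only reads state with cmdlets and tools that exist on Windows 8 and later (Confirm-SecureBootUEFI, bcdedit, the Win32_DeviceGuard CIM class) and interprets the values. The function name Get-BootIntegrityState is an assumption. Run from an elevated PowerShell prompt.

```powershell
# Added example (not part of EfiGuard or of the page above): snapshot the
# boot-integrity controls a bootkit that patches bootmgfw/winload/ntoskrnl
# would have to get past. Function name is an assumed, illustrative one.

function Get-BootIntegrityState {
    $state = [ordered]@{}

    # Secure Boot: when disabled, the firmware loads unsigned EFI binaries, so a
    # bootkit needs no signature to run before the Windows boot manager.
    try {
        $state.SecureBootEnabled = Confirm-SecureBootUEFI -ErrorAction Stop
    } catch {
        # Legacy BIOS boot or a platform without the UEFI variable; treat as unknown.
        $state.SecureBootEnabled = $null
    }

    # Legitimate BCD switches that relax DSE. A bootkit that patches the kernel
    # directly leaves these at "No", so their absence does not prove DSE is intact.
    $bcdCurrent = bcdedit /enum "{current}" 2>$null
    $state.TestSigning       = [bool]($bcdCurrent -match '^\s*testsigning\s+Yes')
    $state.NoIntegrityChecks = [bool]($bcdCurrent -match '^\s*nointegritychecks\s+Yes')

    # Win32_DeviceGuard.SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI
    # (kernel-mode code integrity enforced by the hypervisor rather than by a
    # check inside ntoskrnl). Absent class means the platform has no VBS support.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $state.HvciRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))

    # UEFI boot entries: a bootkit is commonly chained in through an extra loader
    # entry, so anything besides the expected "Windows Boot Manager" deserves a look.
    $firmware = bcdedit /enum firmware 2>$null
    $state.FirmwareBootEntries = @($firmware | Where-Object { $_ -match '^\s*description\s+' } |
                                  ForEach-Object { ($_ -replace '^\s*description\s+', '').Trim() })

    [pscustomobject]$state
}

# Usage: print the snapshot; a review flags SecureBootEnabled -eq $false,
# TestSigning/NoIntegrityChecks -eq $true, HvciRunning -eq $false, or an
# unexpected firmware boot entry for follow-up.
Get-BootIntegrityState | Format-List
```

None of these values by itself proves or disproves a boot-time patch; Secure Boot off with an unrecognised firmware entry is the combination worth escalating, and only the firmware and hypervisor layers, not the patched kernel, can be trusted to report honestly once the kernel has been modified.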
Driver Privilege-Escalation Vulnerability Analysis - Vulnerability Alert - Heiba Security Net
1. Foreword: As Microsoft keeps hardening the kernel core and raising the difficulty of exploiting native kernel components, third-party kernel drivers are increasingly becoming attackers' preferred target and a focus of study for security analysts. Signed third-party driver...
On GhostHook, Fireball, WannaCry, and more
Mike Mimoso and Chris Brook discuss the news of the week, including Citizen Lab’s latest report, WannaCry hitting Honda, GhostHook, and Fireball. Download: ThreatpostNewsWrapJune232017.mp3. Music by Chris Gonsalves. Show notes: GhostHook attack bypasses Windows 10 PatchGuard; Say Goodbye to SMBv1 in...
New GhostHook Attack Bypasses Windows 10 PatchGuard Protections
Vulnerabilities discovered in Microsoft's PatchGuard kernel protection could allow hackers to plant rootkits on computers running the company's latest and most secure operating system, Windows 10. Researchers at CyberArk Labs have developed a new attack technique which could allow hackers to completely...
GhostHook Attack Bypasses Windows 10 PatchGuard
A bypass of PatchGuard kernel protection in Windows 10 has been developed that brings rootkits for the latest version of the OS within reach of attackers. Since the introduction of PatchGuard and Device Guard, very few 64-bit Windows rootkits have been observed; Windows 10’s security, in particula...
NSA's DoublePulsar Kernel Exploit In Use Internet-Wide
If you’re on a red team or have been on the receiving end of a pen-test report from one, then you’ve almost certainly encountered reports of Windows servers vulnerable to MS08-067 (the bug Conficker exploited), which has now been in the wild for nearly 10 years since it was patched. A little more than two weeks...
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
Source: https://github.com/Cr4sh/secretnetexpl Secret Net 7 and Secret Net Studio 8 local privilege escalation exploit. Zero-day vulnerabilities in the sncc0.sys kernel driver of Security Code products allow an attacker to perform local privilege escalation from Guest to Local System. Also, an attacker that...
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
Source: https://github.com/Cr4sh/secretnetexpl Secret Net 7 and Secret Net Studio 8 local privilege escalation exploit. Zero-day vulnerabilities in the sncc0.sys kernel driver of Security Code products allow an attacker to perform local...
Secret Net 7 and Secret Net Studio 8 - Privilege Escalation
Exploit for the Windows platform, category: local exploits. Source: https://github.com/Cr4sh/secretnetexpl Secret Net 7 and Secret Net Studio 8 local privilege escalation exploit. Zero-day vulnerabilities in the sncc0.sys kernel driver of Security Code products allow an attacker to perform local privilege...
Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability
Due to hostility toward security researchers, the most recent example being that of Tavis Ormandy, a number of us from the industry and some not from the industry have come together to form MSRC: the Microsoft-Spurned Researcher Collective. MSRC will fully disclose...
Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free
Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability. Intro: Due to hostility toward security researchers, the most recent example being that of Tavis Ormandy, a number of us from the...
Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free
Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability. Intro: Due to hostility toward security researchers, the most recent example being that of Tavis Ormandy, a number of us from the industry and some not from the industry have come together to form MSRC: the...