CVE-2021-21551

Published: 04/05/2021 Updated: 05/10/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 416
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Vulnerable Products

dell dbutil_2_3.sys

Exploits

DELL dbutil_2_3.sys version 2.3 arbitrary write to local privilege escalation exploit ...
The DBUtil_2_3.sys driver distributed by Dell exposes an unprotected IOCTL interface that can be abused by an attacker to read and write kernel-mode memory ...

Github Repositories

Creating a repository with all public Beacon Object Files (BoFs)

BofAllTheThings: Creating a repository with all public Beacon Object Files (BoFs). The idea is to collect all the Beacon Object Files (BoF) projects that are out there (similar to my SharpAllTheThings project) that can be used in Cobalt Strike as inline execute command. Credit the name to the amazing PayloadAllTheThings github repo (github.com/swisskyrepo/PayloadsAllTheT

An extended proof-of-concept for the CVE-2021-21551 Dell ‘dbutil_2_3.sys’ Kernel Exploit

DbUtilAx: An extended proof-of-concept for the CVE-2021-21551 Dell ‘dbutil_2_3.sys’ Kernel Exploit. Read the full blog post here

Blue Team Notes A collection of one-liners, small scripts, and some useful tips for blue team work I've included screenshots where possible so you know what you're getting Contact me If you see a mistake, or have an easier way to run a command then you're welcome to hit me up on Twitter or commit an issue here If you want to contribute I'd be grateful for

Policies NOTE: This is a collection of COMMUNITY maintained policies and not provided/supported by Forescout Technologies. Policy Information: Each policy folder will have a README.md file that will describe what the policy is actually doing and if there are any changes needed to your environment before using the policy in your environment. Listing of Policies: Active Probing

It scans all computers in a given OU for the vulnerable dbutil_2_3.sys file and removes it.

PoshDellDBUtil - 020: Scan and removal module/tool for DSA-2021-088 / CVE-2021-21551. It scans all computers in a given OU for the vulnerable dbutil_2_3.sys file and removes it. Syntax: Invoke-PoshDDClean [-ComputerOU] <string> [[-Clean]] [<CommonParameters>] Usage, Scan mode: Invoke-Pos

Exploit to SYSTEM for CVE-2021-21551

CVE-2021-21551: Exploit to SYSTEM for CVE-2021-21551. SpoolPrinter Privesc using SeImpersonatePrivileges was made thanks to @_ForrestOrr github.com/forrest-orr/DoubleStar/tree/main/Payloads/Source/Stage3_SpoolPotato. I basically just tossed the exploit function in his code and altered it ever so barely. NtQuerySystemInformation was taken from @Void_Sec voidsec.com

Blue Team Notes A collection of one-liners, small scripts, and some useful tips for blue team work I've included screenshots where possible so you know what you're getting Table of Contents Shell Style Windows OS Queries Account Queries Service Queries Network Queries Remoting Queries Firewall Queries SMB Queries Process Queries Recurring Task Queries File Queries

Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.

Cobalt Strike Beacon Object File foundation for kernel exploitation using CVE-2021-21551. Built by Tijme. Credits to Alex for teaching me! Made possible by Northwave Security. Description: This is a Cobalt Strike (CS) Beacon Object File (BOF) which exploits CVE-2021-21551. It only overwrites the beacon process token with the system process token. But this BOF is m

Dell Driver EoP (CVE-2021-21551)

Dell Driver EoP (CVE-2021-21551): Made quick exploit for Dell driver bug (CVE-2021-21551) for fun. Great find by @kasifdekel! Writeup can be found here. This exploit has been tested on Windows versions 1809 and 20H2, token offsets may vary on other versions.

CVE-2021-21551: A PoC that exploits Dell's dbutil_2_3 driver. Will get code execution on a system that has HVCI disabled as shown below. Output: The write-up for this code can be found here: ch3rn0byl.com/2021/05/a-dell-cve-2021-21551/

It's pointy and it hurts!

Kernel-Cactus: It's pointy and it hurts! Kernel Cactus is a C-written framework to perform attacks on Windows OS while utilising CVE-2021-21551 (dbutil_2_3.sys). Description: Please read our full article to further understand the ins and outs of all the offensive and defensive code in this repo. Pre-Reqs: In order for Kernel Cactus to work it is required that you wi

Some of my windows kernel exploits for learning purposes

Windows-Exploits: Some kernel exploits I used to learn about the topic, mainly for OSEE. These probably contain code snippets from other exploits - if I missed references/authors please send me a message and I'll add them. Kernel HEVD: Most exploits are vs Win10 1909 x64 targeting github.com/hacksysteam/HackSysExtremeVulnerableDriver StackOverflow (Medium Integr

Collection of BlueTeam notes to aid threat investigation and forensics.

Blue Team Notes: A collection of one-liners, small scripts, and some useful tips for blue team work. I've included screenshots where possible so you know what you're getting. Contact me: If you see a mistake, or have an easier way to run a command then you're welcome to hit me up on LinkedIn or on my simple Portfolio or, commit an issue here. If you want to contrib

Dell Driver EoP (CVE-2021-21551)

CVE-2021-21551 Dell Driver EoP (CVE-2021-21551). Description: Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. This exploit was tested on Windows 10 v1511. Link to advisory

aws-sdk-s3-myapp www.baeldung.com/aws-s3-java www.baeldung.com/java-create-jar javatutorial.net/java-s3-example aws.amazon.com/sdk-for-java/ docs.aws.amazon.com/sdk-for-java/latest/developer-guide/home.html docs.aws.amazon.com/sdk-for-java/v1/developer-guide/examples-s3.html docs.aws.amazon.com/sdk-for-java/latest/develo

SyncroMSP Scripts by Artichoke Consulting

Artichoke Consulting: SyncroMSP Scripts by Artichoke Consulting. Montucky Tech at its finest. macOS SyncroMSP: macOS-DeploySyncroAgent.sh - Simple macOS SyncroMSP v2 Agent deployment script. Just provide $customerId $policyid $shopkey and deploy. macOS-RestartSyncroAgent.sh - Since the macOS SyncroMSP Agent doesn't have a "Restart Agent" function, here

Script to patch your domain computers about the CVE-2021-21551. Privesc on machines that have the driver dbutil_2_3.sys, installed by some DELL tools (BIOS updater, SupportAssist...)

Description: Script to patch your domain computers about the CVE-2021-21551. Privesc on machines that have the driver dbutil_2_3.sys, installed by some DELL tools (BIOS updater, SupportAssist). It uses WinRM to invoke the checks on every domain-member computer. Tries to clean the vulnerable drivers & fulfill a .txt list with status. Usage - Remote version: Just laun

arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system

CVE-2021-21551: Simple PoC for exploiting CVE-2021-21551 for LPE by spawning system cmd. cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21551 An issue was discovered in signed Dell Windows driver (dbutil_2_3.sys) which may lead to compromise of the whole local system. Driver's IOCTL dispatch routine lacks validation of the user-supplied buffer. IOCTL: Anyone can crea
