A vulnerability exists in the Windows Ancillary Function Driver for Winsock (afd.sys) that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. Due to a flaw in AfdNotifyRemoveIoCompletion, it is possible to create an arbitrary kernel write-where primitive, which can be used to manipulate internal I/O ring structures a ...
Diaphora, the most advanced Free and Open Source program diffing tool.
δiaphora
Diaphora (διαφορά, Greek for 'difference') version 3.1.2 is the most advanced program diffing tool (working as an IDA plugin) available as of today (2024). It was released first during SyScan 2015 and has been actively maintained ever since: Diaphora has been ported to every single minor version of IDA since 6.8 to 8
CVE-2023-21768
Windows Ancillary Function Driver for WinSock
According to the detailed description of CVE-2023-21768 published by the Microsoft Security Response Center (MSRC), the vulnerability exists in the Ancillary Function Driver (AFD), whose file name on the system is afd.sys. The AFD module is the kernel entry point of the WinSock API. In this article
Using CVE-2023-21768 to manually map a kernel-mode driver
nullmap
A very simple driver manual mapper based on my older voidmap and the CVE-2023-21768 POC by chompie and b33f. Because the underlying IoRing post-exploitation memory r/w primitive is not handling many consequent reads and writes very well, I've decided to overwrite CR4 to disable SMEP/SMAP to execute the driver mapped in usermode. Tested on Windows 11 22H2 (22621.525).
CVE-2023-21768 Local Privilege Escalation POC
authors: chompie & b33f
Reproduction write-up: hlingxbm
For demonstration purposes only. Complete exploit works on vulnerable Windows 11 22H2 systems.
Write primitive works on all vulnerable systems.
Usage:
Windows_AFD_LPE_CVE-2023-21768.exe <pid>
where <pid> is the process ID (in decimal)
Ghidriff - Ghidra Binary Diffing Engine
ghidriff provides a command-line binary diffing capability with a fresh take on diffing workflow and results.
It leverages the power of Ghidra's Program API and FlatProgramAPI to find the added, deleted, and modified functions of two arbitrary binaries. It is written in Python 3 using pyhidra to orchestrate Ghidra and jpype as the Pyth
δiaphora
Diaphora (διαφορά, Greek for 'difference') version 3.0 is the most advanced program diffing tool (working as an IDA plugin) available as of today (2023). It was released first during SyScan 2015 and has been actively maintained since then: it has been ported to every single minor version of IDA since 6.8 to 8.3.