CVE-2024-26229

Windows LPE

CVE-2024-26229 (Windows LPE) This repository is a rewrite of the code from here, but without additional dependencies PATCHED: Apr 9, 2024

CVE-2024-26229

DRive a backdoor for Windows

DRive a backdoor for Windows Just a POC, Combining Everything Theory The IsSupportedOSVersion() verifies whether the operating system version is supported In case it's not, the program terminates execution checkCPU(), checkHDD(), and checkRam() we use antisandbox techniques to check ram,hdd,cpu processes this will help us detect sandboxes because many sandboxes does not

BOF implementations of CVE-2024-26229 for Cobalt Strike and BruteRatel

CVE-2024-26229-BOF BOF implementations of CVE-2024-26229 for Cobalt Strike and Brute Ratel

Windows CSC Service Elevation of Privilege Vulnerability

PoC-26229 CVE-2024-26229 is a high-severity vulnerability in the Windows Client-Side Caching (CSC) service, also known as the Offline Files service This vulnerability allows local attackers to elevate their privileges on a system, potentially gaining full control over affected devices

CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code

CVE-2024-26229 CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code in the cscsys driver

BOF implementations of CVE-2024-26229 for Cobalt Strike and BruteRatel

CVE-2024-26229 Beacon Object Files Beacon Object File (BOF) implementations from NVISO of CVE-2024-26229 for Cobalt Strike and BruteRatel Compile with: gcc -c CVE-2024-26229-bofc -o CVE-2024-26229-bofo This vulnerability was patched on April 9th, 2024 See msrcmicrosoftcom/update-guide/vulnerability/CVE-2024-26229 for detail