"of the exploit process. By overwriting the _SEP_TOKEN_PRIVILEGES structure it is possible to escalate to NT AUTHORITY\SYSTEM privileges. Conclusion. In this blogpost we described a use-after-free vulnerability in the afd.sys Windows driver patched in the August 2024 Pat…"
T1068 Exploitation for Privilege Escalation
90%
"If the exploit operations are successful, the exploit now controls the content of some riobuffer structures that are still alive in the cache. In order to create arbitrary read and arbitrary write primitives, the exploit leverages the internal mechanism of the riosend() and r…"
T1055.001 Dynamic-link Library Injection
80%
"The afdriodereferencebuffer() function checks if the reference counter for that specific riobuffer structure is set to 1. If so, the riobuffer structure is freed in the afdriocleanupbuffer() function. A race condition exists here that allows a malicious user to schedule the e…"
T1068 Exploitation for Privilege Escalation
76%
"Windows Sockets: From Registered I/O to SYSTEM Privileges. By Luca Ginex. Overview. This post discusses CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Specifically, the vulnerability is in the Registered I/O extension for Windows sockets. …"
T1055.001 Dynamic-link Library Injection
47%
"use-after-free vulnerability on one of the previously-allocated riobuffer structure. Privilege escalation. Heap spraying stage. Since the vulnerable buffer is allocated in the non-paged pool, the spray technique we used leverages named pipes to fill the non-paged pool area wi…"
Summary
<p>By Luca Ginex. Overview: This post discusses CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Specifically, the vulnerability is in the Registered I/O extension for Windows sockets. The vulnerability was patched in the August 2024 Patch Tuesday. This post describes the exploitation process for the vulnerability. First, we give a general overview of the ...</p>
<p>The post <a href="https://blog.exodusintel.com/2024/12/02/windows-sockets-from-registered-i-o-to-system-privileges/" rel="nofollow">Windows Sockets: From Registered I/O to SYSTEM Privileges</a> appeared first on <a href="https://blog.exodusintel.com" rel="nofollow">Exodus Intelligence</a>.</p>