SecuriXy.kz
9.32K subscribers
483 photos
22 videos
18 files
393 links
Все самое интересное из мира информ. безопасности и IT 👍🏻
Обсуждаем, делимся, умнеем
https://securixy.kz

Обратная связь - @feedback_securixy_bot

Хахатушки - @memekatz
Hack the Box RUS - @HTB_RUS
Download Telegram
Массовый сбой в #Windows на ПК и серверах после обновления сенсоров #CrowdStrike. Оригинал уведомления от CrowdStrike: "Hello everyone - We have widespread reports of BSODs on windows hosts, occurring on multiple sensor versions. Investigating cause. TA will be published shortly. Pinned thread. SCOPE: EU-1, US-1, US-2 and US-GOV-1".

Workaround Steps:

1. Boot Windows into Safe Mode or the Windows Recovery Environment

2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

3. Locate the file matching “C-00000291*.sys”, and delete it.

4. Boot the host normally.


https://habr.com/ru/news/829912/

https://www.theverge.com/2024/7/19/24201717/windows-bsod-crowdstrike-outage-issue
Еще один форк на картофельный привеск GodPotato на Windows #DeadPotato

Утилита пытается запустить процесс с повышенными правами, работающий в контексте пользователя NT AUTHORITY\SYSTEM, используя дефект RPCSS в DCOM при работе с OXID, что позволяет получить неограниченный доступ к машине для свободного выполнения критических операций.

https://github.com/lypd0/DeadPotato

#windows #lpe #potato #seimpersonate #GodPotato #pentest
Forwarded from APT
🖼️ Windows DWM — Elevation of Privilege

CVE-2024-30051 is an elevation of privilege vulnerability in Windows' DWM Core Library (dwmcore.dll). The flaw arises due to a heap-based buffer overflow in the CCommandBuffer::Initialize method, triggered by a miscalculation during memory allocation.

🖥 Affected versions
Windows 10: 1507, 1607, 1809, 21H2, 22H2
Windows 11: 21H2, 22H2, 23H2
Windows Server: 2016, 2019, 2022

🔗 Source:
https://github.com/fortra/CVE-2024-30051

#windows #eop #dwm #research #poc
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
💻 Exploiting Windows Kernel via Kernel Streaming Proxying

An in-depth look at CVE-2024-30090, a vulnerability in Kernel Streaming, allowing privilege escalation via malformed IOCTL requests. By leveraging KS Event mishandling during 32-bit to 64-bit conversions, can exploit the bug pattern to gain arbitrary kernel mode access.

🔗 Research:
Proxying to Kernel - Part I
Proxying to Kernel - Part II

🔗 Source:
https://github.com/Dor00tkit/CVE-2024-30090

#windows #streaming #kernel #cve #poc
Please open Telegram to view this post
VIEW IN TELEGRAM