Vulnerability research in application, system and bare metal software. Development exploits, research, analysis tools and algorithms.

Vulnerability research

Brief description

Vulnerability research and exploit development for the following architectures:

  • x86
  • x86-64
  • ARM
  • AArch64 (ARM64)

CVE-2022-21907 ー MS Windows HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS:3.1 9.8 / 8.5
Tags:

0-day MS Windows 10 vulnerability remote DoS zero-click.

A zero-day zero-click vulnerability, allows to perform a remote attack Denial of Service (DoS) on a vulnerable system running Microsoft Windows. Don’t require any human interaction with the target machine.
Found: October 03, 2020

Target settings:

  • Firewall: enabled (default settings);
  • Windows defender: enabled (default settings).

Test case:

  • Windows 10 Pro (Actual build version on October 03, 2020);
    • An attack on a system running on different physical machines.
  • Windows 10 Pro (Version 20H2 build 19042.685).
    • An attack on a system running on a virtual machine.
Tags:

Windows 10 x64 LPE. Obtaining system privileges by exploiting a kernel driver vulnerability.

Tags: