yardenshafir/CVE-2020-1034 yardenshafir/CVE-2020-1034

  • Stars
    star
    114
  • Rank 308,031 (Top 7 %)
  • Language
    C++
  • Created about 4 years ago
  • Updated over 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
yardenshafir/CVE-2020-1034
github

yardenshafir

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

PoC demonstrating the use of cve-2020-1034 for privilege escalation

CVE-2020-1034

PoC demonstrating the use of cve-2020-1034 for privilege escalation. Tested on unpatched Windows 10 2004, build 19041.488.

Vulnerability was dicovered by Microsoft and fixed on patch Tuesday 8/9/2020: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1034

Writeup

Part 1: https://windows-internals.com/exploiting-a-simple-vulnerability-in-35-easy-steps-or-less
Part 1.5 - information leak: https://windows-internals.com/exploiting-a-simple-vulnerability-part-1-5-the-info-leak/
Part 2 - https://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/

More Repositories

1

WinDbg_Scripts

Useful scripts for WinDbg using the debugger data model
JavaScript
382
star
2

IoRingReadWritePrimitive

Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2
C++
221
star
3

PoolViewer

An application to view and filter pool allocations from a dmp file on Windows 10 RS5+.
C++
121
star
4

SymlinkCallback

A driver that hooks C: volume using symbolic link callback to track all FS access to the volume
C++
98
star
5

cet-research

A collection of tools, source code, and papers researching Windows' implementation of CET.
C
72
star
6

KernelDataStructureFinder

Driver and WinDBG scripts to dump information about all resources and lookaside lists
C++
63
star
7

InformationClasses

Documenting system information classes and their uses
48
star
8

DpcWait

Driver demonstrating how to register a DPC to asynchronously wait on an object
C++
45
star
9

MitigationFlagsCliTool

Command like tool to print mitigation flags for running processes in a memory dump
C++
41
star
10

IoRing_Demos

A repository for I/O ring demos, use cases and performance testing on Windows
C++
38
star
11

conference_talks

Slides from various conference talks
36
star
12

CallbackObjectAnalyzer

Dumps information about all the callback objects found in a dump file and the functions registered for them
C++
32
star
13

s1dbg

windbg extension that does stuff
C++
5
star