10 of my remote code execution bugs in rpcrt4 fixed this month :)

Greate

Real 0day

One of my Win32K logic issues was only given a 2K bounty by Microsoft, but it was a big deal and caused a lot of problems before it was submitted

<NtosKrnl Kernel Pool OverFlow> This is an Vulnerability that can be successfully exploited in Windows

CVE-2021-31956 Ntfs.sys Integer Overflow

我花了两天来编写 CVE-2021-31956 的 EXPLOIT 该漏洞的利用技巧十分精妙，总共工作时间15个小时。 该漏洞可以在Chrome的沙箱内触发 并且不需要配合信息泄露也可以独立工作，只需要Pool FengShui 足够精妙。

Windows 11 EOP 目前编写了6个可以独立运行的EXPLOIT mp.weixin.qq.com/s/_PjO4_wpe2LQ…

使用 WNF 进行有限制的无限次数任意地址或者越界读写内存 （OOBRW Or WWWRW） 演示漏洞为 (CVE-2021-31956) vul.360.net/archives/83

2021-08-27 I left the company of 360

[CVE-2022-38029] ALPC _SECTION UAF whsgwl.net/images/NtosKrn…

Researcher develops exploit on Windows 10, is told it doesn't count unless it's on Windows 11, resubmits proof it impacts Windows 11 and is told it won't be considered despite being valid. Exploit could easily have landed him $75-150k minimum - received a $5k general award. :-/

Microsoft flagged my vulnerability as Post Auth instead of Pre Auth,I don't understand the relationship between simply sending a specially crafted DHCP packet and RPC that must be authenticated

CVE-2023-28231: The Trend Micro Research Team takes a in depth look at this recently patched RCE bug in the #Microsoft #Windows DHCPv6 service. Their write-up includes root cause analysis and detection guidance: Read the details at zerodayinitiative.com/blog/2023/5/1/…

A big welcome to 晏子霜 , a Windows Security Researcher who is joining us as a speaker. His paper is entitled "Win32k Vulnerability Dead? Taking win32k Exploitation To The Next Level". Read more. offbyone.sg/speakers/ #win32kvulnerabilities #bypasswindows #windowexploit

By design😂

Here's my blog post about CVE-2024-26230. I aim not only to introduce the exploit stage but also hope to share my thoughts on how I completed the exploitation step-by-step in all my posts from now on. whereisk0shl.top/post/a-trick-t…

CVE-2024-38141 ExpLoit

CVE-2024-38107 EOP ALPC CallBack Race UAF The vulnerability was confirmed by Microsoft to be exploited in the wild