exploitation

Windows Wi-Fi Driver RCE Vulnerability – CVE-2024-30078

In June, during "Patch Tuesday”, Microsoft released a fix for CVE-2024-30078. The severity of this vulnerability was marked as important, with its impact set to Remote Code Execution (RCE). After reading Microsoft’s bulletin, this vulnerability piqued our interest. It seemed plausible for an unauthenticated attacker to send a malicious packet to an adjacent system, which could enable remote...

Windows AppLocker Driver LPE Vulnerability – CVE-2024-21338

When I initially interviewed candidates for CF’s Windows Researchers position, one of the challenges I gave out was related to CVE-2024-21338. A Windows Kernel Elevation of Privileges, specifically an Untrusted Pointer Dereference vulnerability in the appid.sys driver. The driver is responsible for the AppLocker technology. Back then, this vulnerability became famous thanks to Avast's beautiful work on the...

Crowdfense – The challenge

After a few months, since I joined the company, it’s perhaps time for me to write something and inaugurate our blog. First, I want to express my gratitude to the readers who have ventured into our blog for the first time. I understand your anticipation for technical content, and I assure you that this non-technical blog will only be a one-off....