Sector 7 is the security research division of Computest Security.
Blog: https://sector7.computest.nl

We've published our writeup of CVE-2024-20693, a vulnerability in Windows that allowed spoofing the code signature of binaries by placing them on an SMB share. This research originally was about something different, but we ran into a signature check...

https://sector7.computest.nl/post/2024-06-cve-2024-20693-windows-cached-code-signature-manipulation/

CVE-2024-20693: Windows cached code signature manipulation

In the Patch Tuesday update of April 2024, Microsoft released a fix for CVE-2024-20693, a vulnerability we reported. This vulnerability allowed manipulating the cached signature signing level of an executable or DLL. In this post, we’ll describe how we found this issue and what the impact could be on Windows 11. Background Last year, we started a project to improve our knowledge of Windows internals, specifically about local vulnerabilities such as privilege escalation.

Sector 7
Here we go again! #Pwn2Own

On Friday, Thijs Alkemade (@xnyhps) is giving the presentation “Don’t Talk All at Once! Elevating Privileges on macOS by Audit Token Spoofing” at the Objective by the Sea conference in Marbella (Spain). This talk will describe how XPC connections are implemented on macOS and how a design issue could be exploited to elevate privileges on macOS to root.

For more info, see https://objectivebythesea.org/v6/index.html
A live stream should be available on: https://www.youtube.com/channel/UCQycc8VDhHuNkZlKSSTDHzw

#OBTS #OBTSv6 #macOS

Objective by the Sea v6.0

The Mac Security Conference