The A.R.F Project©

The A.R.F Project©

Search
Skip to content
  • Projects
    • Shellter
    • A.R.F
      • A.R.F Intro
      • Updates/Bug Fixes
      • Download
  • CVEs
    • 2020
      • CVE-2020-14418: madCodeHook Library TOCTOU Local Privilege Escalation
    • 2019
      • CVE-2019-12750: Symantec Endpoint Protection Local Privilege Escalation
      • CVE-2019-9702: Symantec Encryption Desktop – Local Privilege Escalation – Exploiting an Arbitrary Hard Disk Read/Write Vulnerability Over NTFS
    • 2018
      • CVE-2018-8955 – Bitdefender GravityZone – Arbitrary Code Execution
      • CVE-2018-6851 to CVE-2018-6857 – Sophos SafeGuard – LPE
    • 2017
      • CVE-2017-18019: K7 Computing & Defenx – LPE
    • 2016
      • Carbon Black – Security Advisories: CVE-2016-9570, CVE-2016-9568 and CVE-2016-9569
      • CVE-2016-4025 – Avast SandBox Escape via IOCTL Requests
      • CVE-2016-3943 – ‘Panda Security 2016 Business’ – LPE
    • 2015
      • CVE-2015-8620 – Avast Virtualization Driver – Elevation Of Privileges
      • CVE-2015-8772 – McAfee File Lock Driver – Kernel Memory Leak
      • CVE-2015-8773 – McAfee File Lock Driver – Kernel Stack Based BOF
      • CVE-2015-7600 – Cisco Systems VPN Client Privilege Escalation
      • CVE-2015-3650 – VMware Multiple Products Privilege Escalation
      • CVE-2015-1438 – Panda Security Multiple Products Arbitrary Code Execution
      • CVE-2015-2032 – AVAST 2015 Multiple Products Privilege Escalation
      • CVE-2015-3444 – K7 Multiple Products Privilege Escalation [K7FWFilt.sys]‏
    • 2014
      • #1
        • CVE-2014-9332 – G Data Multiple Products Privilege Escalation [GDNdisIc.sys]‏
        • CVE-2014-7136 – Privilege Escalation In K7 Computing Multiple Products
        • CVE-2014-8956 – Privilege Escalation In K7 Computing Multiple Products
        • CVE-2014-8608 – Null Pointer Dereference In K7 Computing Multiple Products
        • CVE-2014-2382 – Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise
        • CVE-2014-5307 – Privilege Escalation in Panda Security Products
        • CVE-2014-4974 – Kernel Memory Leak in ESET Multiple Windows Products
      • #2
        • CVE-2014-4973 – Privilege Escalation in ESET Windows Products
        • CVE-2014-3752 – Arbitrary Code Execution in G Data TotalProtection 2014
        • CVE-2014-3450 – Privilege Escalation in Panda Security
        • CVE-2014-1221 – Local Code Execution in Dameware Mini Remote Control
        • CVE-2014-2384 – Invalid Pointer Dereference in VMware Workstation and Player
        • CVE-2014-1215 – Local Code Execution in CoreFTP Core FTP Server
        • CVE-2014-2597 – Denial Of Service In PCNetSoftware RAC Server
  • Research
    • #1
      • ntoskrnl v10.0.15063_nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect
      • Analysing the NULL SecurityDescriptor kernel exploitation mitigation in the latest Windows 10 v1607 Build 14393
      • Exploiting a Kernel Paged Pool Buffer Overflow in Avast Virtualization Driver
      • Escaping the Avast Sandbox using a single IOCTL
      • NDI5aster
      • Detecting KDs with a single instruction
      • Credentials Manager – Zip Passwords Caching [Win8.x/10]
    • #2
      • Old Dog – New Tricks
      • Reversing Malware Loaders: Matsnu-A
      • FakeAV – System Progressive Protection
      • IObit Protected Folder Authentication Bypass
      • Windows Explorer DoS Vulnerability
      • Eltima – EXE Password Protector
      • ASProtect – EPIC FAIL!
Research

nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect

April 18, 2017 kyREcon

A short write-up on a tiny update introduced in NT kernel version 10.0.15063 inside nt!SepCreateAccessStateFromSubjectContext that can mess up with your kernel exploits in case you abuse _SEP_TOKEN_PRIVILEGES.Enabled through a Read-Write Primitive to gain EoP.

Read more here.

Enjoy,
kyREcon

_SEP_TOKEN_PRIVILEGES.Enablednt!SepCreateAccessStateFromSubjectContext

Post navigation

Previous PostOn ProtonMail’s “Human Verification”Next PostNDI5aster Paper Updated

Recent Posts

  • NDI5aster Paper Updated
  • nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect
  • On ProtonMail’s “Human Verification”
  • RIP Kris Kaspersky
  • Mitigating the NULL SecurityDescriptor Kernel Exploitation Vector

Categories

  • A.R.F Project News
  • Blog News
  • General Articles
  • Research

Recommended Sites

  • cr4zyserb – deroko of ARTeam
  • crackmes.de
  • Dr. Fu's Security Blog
  • nologin
  • OpenRCE
  • RCE junk
  • reconstructer.org
  • Reverse Engineering b10g | REM
  • Reversing.gr
  • Tuts 4 You
  • UIC
  • Woodman
  • XyliBox

All Rights R3v3rs3d

  • whoami

Search

Proudly powered by WordPress