CVE-2024-26229 PoC — Microsoft Windows Kernel 安全漏洞

Source

Associated Vulnerability

Description

BOF implementations of CVE-2024-26229 for Cobalt Strike and BruteRatel

Readme

# CVE-2024-26229 Beacon Object Files

Beacon Object File (BOF) implementations from [NVISO](https://www.nviso.eu) of CVE-2024-26229 for Cobalt Strike and BruteRatel.

Compile with: 

```bash
gcc -c CVE-2024-26229-bof.c -o CVE-2024-26229-bof.o
```

![Cobalt Strike](CobaltStrike.png)

![BruteRatel](BruteRatel.png)

This vulnerability was patched on April 9th, 2024. See [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229) for details.

The software is provided as-is. Do not expect any future updates.

## Acknowledgements

All credits for the exploit code go to the original author [varwara](https://github.com/varwara/CVE-2024-26229/).

## Authors

- **Sander Forrer** (@Cerbersec)

File Snapshot

 [4.0K]  /data/pocs/a412963cf3167aa782c09caf69ce44ceb2c6cc2c
├── [4.0K]  BruteRatel
│   ├── [ 860]  badger_exports.h
│   ├── [4.4K]  CVE-2024-26229-bof.c
│   ├── [2.2K]  CVE-2024-26229-bof.h
│   └── [3.8K]  CVE-2024-26229-bof.o
├── [230K]  BruteRatel.png
├── [4.0K]  Cobalt Strike
│   ├── [6.6K]  beacon.h
│   ├── [4.3K]  CVE-2024-26229-bof.c
│   ├── [2.2K]  CVE-2024-26229-bof.h
│   └── [3.8K]  CVE-2024-26229-bof.o
├── [ 49K]  CobaltStrike.png
├── [1.0K]  LICENSE.md
└── [ 773]  README.md

2 directories, 12 files

Remarks