Exploiting a Windows 10 PagedPool off-by-one overflow (WCTF 2018) | j00ru//vx tech blog
Tags
attack-pattern: Data Trap - T1546.005 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Trap - T1154
Show in Graph
Common Information
Type Value
UUID aa24810d-5c8a-450b-99de-df474f8ccdae
Fingerprint a7ebc8138c250381
Analysis status DONE
Considered CTI value -2
Text language
Published June 22, 2021, 12:25 p.m.
Added to db Jan. 18, 2023, 9:52 p.m.
Last updated Dec. 24, 2024, 2:02 a.m.
Headline Exploiting a Windows 10 PagedPool off-by-one overflow (WCTF 2018)
Title Exploiting a Windows 10 PagedPool off-by-one overflow (WCTF 2018) | j00ru//vx tech blog
Detected Hints/Tags/Attributes 58/1/9
Source URLs
Redirection Url
Details Source https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
URL Provider
Details Provider Source level domain
Details vexillium.org j00ru.vexillium.org
Attributes
Details Type #Events CTI Value
Details Domain 1 
postinglist.data
Details File 1 
searchme.sys
Details File 3 
c:\flag.txt
Details File 3 
brute.exe
Details File 1 
adjacent.exe
Details File 1 
postinglist.dat
Details File 14 
win32kbase.sys
Details File 3 
pooltag.txt
Details File 139 
ntoskrnl.exe