Kernel exploitation: weaponizing CVE-2020-17382 MSI Ambient Link driver :: — uf0
Tags
| attack-pattern: | Code Signing - T1553.002 Hardware - T1592.001 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Code Signing - T1116 Hypervisor - T1062 |
Common Information
| Type | Value |
|---|---|
| UUID | ec107593-708b-42f4-af79-fa47d2aa92c9 |
| Fingerprint | 97999b1728a63715 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Sept. 24, 2020, midnight |
| Added to db | Jan. 18, 2023, 11:28 p.m. |
| Last updated | Nov. 6, 2024, 11:12 p.m. |
| Headline | Kernel exploitation: weaponizing CVE-2020-17382 MSI Ambient Link driver |
| Title | Kernel exploitation: weaponizing CVE-2020-17382 MSI Ambient Link driver :: — uf0 |
| Detected Hints/Tags/Attributes | 74/1/17 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.matteomalvica.com/blog/2020/09/24/weaponizing-cve-2020-17382/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 1 | cve-2020-17382 |
|
| Details | Domain | 25 | eclypsium.com |
|
| Details | Domain | 1 | lallouslab.net |
|
| Details | Domain | 1 | sizzop.github.io |
|
| Details | Domain | 4 | www.uninformed.org |
|
| Details | File | 2 | amd64fre.vb |
|
| Details | File | 4 | msio64.sys |
|
| Details | File | 1 | string.png |
|
| Details | File | 16 | iostatus.inf |
|
| Details | File | 1 | basic_fuzzer.py |
|
| Details | File | 125 | ntoskrnl.exe |
|
| Details | File | 1 | kernel-hacking-with-hevd-part-3.html |
|
| Details | Url | 1 | https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered |
|
| Details | Url | 1 | https://eclypsium.com/2019/11/12/mother-of-all-drivers |
|
| Details | Url | 1 | http://lallouslab.net/2016/01/11/introduction-to-writing-x64-assembly-in-visual-studio |
|
| Details | Url | 1 | https://sizzop.github.io/2016/07/07/kernel-hacking-with-hevd-part-3.html |
|
| Details | Url | 1 | http://www.uninformed.org/?v=3&a=4&t=sumry |