CVE-2024-26229

This is a functional local privilege escalation (LPE) exploit for CVE-2024-26229, targeting a Windows kernel vulnerability via DKOM (Direct Kernel Object Manipulation). It leverages NtFsControlFile to overwrite the EPROCESS token and achieve SYSTEM privileges.

This repository contains a Firebeam plugin for exploiting CVE-2024-26229, a vulnerability in csc.sys that allows kernel R/W memory access to achieve local privilege escalation (LPE) by corrupting KTHREAD->PreviousMode and leveraging DKOM to copy the system process token.

This repository contains a functional proof-of-concept exploit for CVE-2024-26229, a Windows kernel vulnerability in the CSC driver. The exploit leverages arbitrary memory writes to achieve local privilege escalation (LPE) via token manipulation.

The repository contains a README describing CVE-2024-26229, a Windows CSC service privilege escalation vulnerability involving a heap-based buffer overflow. No exploit code is provided, only a description and a claim of bypassing Kaspersky/Windows Defender.

This repository contains a functional Beacon Object File (BOF) exploit for CVE-2024-26229, a Windows CSC driver local privilege escalation vulnerability. The exploit leverages DKOM (Direct Kernel Object Manipulation) to steal the SYSTEM token by corrupting KTHREAD->PreviousMode via a crafted IOCTL.

This is a functional local privilege escalation (LPE) exploit for CVE-2024-26229 targeting Windows systems. It leverages a vulnerability in the CSC (Client-Side Caching) driver to manipulate kernel memory, ultimately stealing the SYSTEM token to elevate privileges.

The repository contains only a README.md file referencing another GitHub repository for CVE-2024-26229, with no actual exploit code or technical details provided.

This PoC exploits CVE-2024-26229, a vulnerability in the csc.sys driver on Windows 11 22H2, leveraging improper address validation in an IOCTL to achieve local privilege escalation (LPE) via DKOM (Direct Kernel Object Manipulation).