【2022/Cobalt Strike】amd-ryzen-master-driver-v17-exploit

显示全部楼层 · 发表于 2023-1-22 14:22:24

https://github.com/tijme/amd-ryzen-master-driver-v17-exploit

This is a Cobalt Strike (CS) Beacon Object File (BOF) and executable which exploits AMD's Ryzen Master Driver (version 17). It only overwrites the beacon process token with the system process token. But, just like KernelMii, this BOF is mostly just a good foundation for further kernel exploitation via CS. You can utilise it to disable EDR, disable ETW TI, dump LSASS PPL, or do other undetected malicious actions.

显示全部楼层 · 发表于 2023-1-22 14:59:23

挺好的一个样本分析文章

[其他相关] 【2022/Cobalt Strike】amd-ryzen-master-driver-v17-exploit