Hunting CVE-2024-30051: Desktop Window Manager Privilege Escalation | Threat SnapShot
Published 14 Jun 2024

🔍 In this episode, we dive into CVE-2024-30051, a critical out-of-bounds write vulnerability in the Desktop Window Manager. This bug, similar to CVE-2023-36033, allows attackers to escalate privileges to SYSTEM by exploiting a heap overflow in dwmcore.dll.
CVE-2024-30051 has been actively exploited to deploy malware like Qakbot, as identified by Kaspersky. This video covers the process of hunting down a sample, executing it in a sandbox environment, and creating effective detections using logs from the exploit’s activity.
CVE-2024-30051 is a significant threat, but with the right detection strategies, we can mitigate its impact. Stay tuned to learn how to protect your systems!
SnapAttack Resources:
- blog.snapattack.com/hunting-c...
- app.snapattack.com/collection... - Collection: Hunting CVE-2024-30051: Desktop Window Manager Privilege Escalation | Threat SnapShot
- app.snapattack.com/threat/385... - Threat: Captured Threat
- app.snapattack.com/detection/... - Detection: Suspicious File Created by dwm.exe
- app.snapattack.com/detection/... - Detection: Possible CVE-2024-30051 Exploitation
- app.snapattack.com/detection/... - Detection: Suspicious Child of Consent.exe
References:
- msrc.microsoft.com/update-gui...
- securelist.com/cve-2024-30051...
- msrc.microsoft.com/update-gui...
- www.virustotal.com/gui/file/9...
- www.virustotal.com/gui/file/8...