Windows ALPC Zero-Day Exploit on github

[argie]

Quote:

Originally Posted by Fyyre

It's obvious why she cannot find employment.

1). Intelligent, but acts emo.

Yep, that was my conclusion also. Very intelligent and VERY well versed in inner workings of Windows because these exploits are not simple but also either emo or fighting some real depression...

Quote:

2). Has made hostile remarks at powerful Nation State actors. It is not hard to learn from a little history... i.e. OpenBSD

Granted this is no longer the start of the GWOT, as in 2003.... There is no need to bite any prospective hands that _could_ feed you. Your Moral Compass May Vary.

Yeah she did also make a few posts to "spite" Microsoft and their products. Also threw quite a lot of insults toward MS and bounty programs.

But I think the worst thing was taunting MS and people in general by saying things like:
- "I might dump another one soon..."
- "Found another, F*** MS, here it is"
- "Dunno what to do... release or not release...

and such...

Quote:

3. Github is open source, there are forks, mirrors... like many of you I too have a copy of this POC. Once online, always online.

APLC is still up. tasksche impersonation LPE and win32k.sys race condition LPE are removed. I searched the net (by filenames) but didn't have much luck. I guess VT-I has it at least.

Quote:

4. It is down right confusing as to why anyone would openly dump a working 0day instead of trying to monetize(legally, or illegally) or at very least... follow the standard channels for "responsible disclosure"

I am also at a loss here. After a first dump (APLC), she ended up on several major "Hacking" news site and made quite the stir because she released the exploit on thursday and "patch tuesday" was long way away so basically for minimum of 5 days people were 100% vulnerable to this.

As to why she didn't report, she never said directly, always steered the conversation away from that...

And also she said MANY times she was low on money. These exploits she is doing are worth like 25k+ Maybe up to 100k. Weird.

Quote:

Many of us have done research of our own that has lead, or been an asset to malicious works. Not due to the fact we directly contributed or were involved. In the fact that in years past we were able to see parts of that research directly reflected in source code leaks, or what have you. It's a strange feeling, although one not often directly attributed.

I guess she went for the less subtle approach. Again, this is all speculation on my part.

Well I agree. Lots of various source code flying around that is useful for malware or other malicious things but many of the authors didnt intend it that way.

This was quite malicious. Leaving people vulnerable once, then do it again...
Not that subtle.

I won't and am in no position to judge anyone. I can "understand" the 1st one but after that MANY people came to her and tried to convice her to go to proper channels of disclosure. But then (after a while) came 2 more and who knows what else what she left private.
People still tried to help but as said earlier she mostly steered the conversations into health and general RL stuff.

Weird cookie.

[Fyyre]

Quote:

Originally Posted by argie

Yep, that was my conclusion also. Very intelligent and VERY well versed in inner workings of Windows because these exploits are not simple but also either emo or fighting some real depression...

From my personal experience, very intelligent people are seldom 'normal'. I think she is very bright... but yes, probably depressed, feels out of place and this allows her to feel some kind of power, or temporary boost from that depression. It's hard to analyze someone. I just remember my own teenage years being hell =)

Quote:

Originally Posted by argie

APLC is still up. tasksche impersonation LPE and win32k.sys race condition LPE are removed. I searched the net (by filenames) but didn't have much luck. I guess VT-I has it at least.

I think you want this one? If is the wrong one, let me know, will hunt it down.

sandboxescaperdemo-master.zip

Here is the one from original post, as the link was dead: PoC-LPE.rar

Quote:

Originally Posted by argie

And also she said MANY times she was low on money. These exploits she is doing are worth like 25k+ Maybe up to 100k. Weird.

If she is depressed, or has bipolar type mood swings -- the illogical act of just releasing, kind of explains that. Again, I don't want to try and diagnosis her from afar.

Quote:

Originally Posted by argie

Well I agree. Lots of various source code flying around that is useful for malware or other malicious things but many of the authors didnt intend it that way.

I'm 99% sure some of my initial PatchGuard and Driver signing disablement work contributed to some of the earlier bootkits for x64 Windows. That was never my intention, I just was looking for something to do when I started on PatchGuard.

Quote:

Originally Posted by argie

This was quite malicious. Leaving people vulnerable once, then do it again...
Not that subtle.

I won't and am in no position to judge anyone. I can "understand" the 1st one but after that MANY people came to her and tried to convice her to go to proper channels of disclosure. But then (after a while) came 2 more and who knows what else what she left private.
People still tried to help but as said earlier she mostly steered the conversations into health and general RL stuff.

I never really considered the full implications of her actions, but yea.. you are correct; once is something. Twice is something else.

-Fyyre