{"vulnerability": "CVE-2021-3693", "sightings": [{"uuid": "38080ec0-cf6d-47c5-8b94-895468815454", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "851d3c6b-28d3-4c86-825e-36b4187eb869", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971251", "content": "", "creation_timestamp": "2024-12-24T20:26:31.439751Z"}, {"uuid": "b52efb78-c48d-44d0-bbf4-1a9e59f268d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:39.000000Z"}, {"uuid": "e4709297-cbc8-40b9-be16-b99f26746f40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "f3600ea7-ddcc-4104-89ab-193c28605ef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:31.000000Z"}, {"uuid": "69581deb-e67f-4bc6-84a5-1b5bc21f0240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": 
"seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/credentials/windows_sam_hivenightmare.rb", "content": "", "creation_timestamp": "2021-07-29T17:01:27.000000Z"}, {"uuid": "86d43adb-6755-4945-b244-c88739bcc95e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:59.000000Z"}, {"uuid": "e09e656f-1670-4235-a81d-12b12986599a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://gist.github.com/josephb4224/1d49fcfaa37fb1523b5451314f37b669", "content": "", "creation_timestamp": "2026-03-16T13:31:31.000000Z"}, {"uuid": "445c4101-c21e-4bbd-a0c2-e9246221bfa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://gist.github.com/garagon/85a72cafb243e1a793677270ca7fad6d", "content": "", "creation_timestamp": "2026-02-17T13:27:58.000000Z"}, {"uuid": "7ec6f8fa-bcfc-44e7-b361-7cfaadd9cb5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-36934", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/980bf297-4b65-4417-93e5-bb8927280add", "content": "", "creation_timestamp": "2026-02-02T12:28:23.834300Z"}, {"uuid": "fee96c7f-71eb-4060-9589-8102134d4bae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-36936", "type": "seen", "source": 
"https://www.govcert.gov.hk/en/alerts_detail.php?id=628", "content": "", "creation_timestamp": "2021-08-11T04:00:00.000000Z"}, {"uuid": "e99bcbd4-0454-4f06-b66a-186509f6b382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/74", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aExploit\n\u63cf\u8ff0\uff1aPure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation\nURL\uff1ahttps://github.com/HuskyHacks/ShadowSteal", "creation_timestamp": "2021-07-25T16:00:35.000000Z"}, {"uuid": "0b49ad32-1073-48f5-9570-80a3b87af870", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/76", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation\nURL\uff1ahttps://github.com/jmaddington/Serious-Sam---CVE-2021-36934-Mitigation-for-Datto-RMM", "creation_timestamp": "2021-07-25T18:05:33.000000Z"}, {"uuid": "1d2c9947-405d-42f9-a7fe-2ddd19985cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/73", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aC# PoC for CVE-2021-36934/HiveNightmare/SeriousSAM\nURL\uff1ahttps://github.com/cube0x0/CVE-2021-36934", "creation_timestamp": "2021-07-25T15:44:25.000000Z"}, {"uuid": 
"47fd5fda-eb40-4a63-b7cf-587e64ece8ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36931", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/466", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for exploiting CVE-2021-36928 : Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36931.\nURL\uff1ahttps://github.com/AlAIAL90/CVE-2021-0114", "creation_timestamp": "2021-09-01T16:45:54.000000Z"}, {"uuid": "029fd587-3ce4-4d41-8024-fed5a2cfa3c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/470", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for exploiting CVE-2021-36934 : Windows Elevation of Privilege Vulnerability\nURL\uff1ahttps://github.com/AlAIAL90/CVE-2021-36934", "creation_timestamp": "2021-09-02T00:51:19.000000Z"}, {"uuid": "2cf0848e-545f-4778-9e50-d159ac0a22ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/65", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for CVE-2021-36934 Aka HiveNightmare/SeriousSAM written in python3\nURL\uff1ahttps://github.com/Sp00p64/PyNightmare", "creation_timestamp": "2021-07-25T04:38:42.000000Z"}, {"uuid": "247f90db-3254-4952-bee4-b0af1cd60ba4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/173", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-36934 PowerShell Fix\nURL\uff1ahttps://github.com/tda90/CVE-2021-36934", "creation_timestamp": "2021-07-29T06:50:25.000000Z"}, {"uuid": "85eaaefc-9cc0-46ea-ad9e-7d5a0e342ed4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/189", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-36934 HiveNightmare vulnerability checker and workaround\nURL\uff1ahttps://github.com/irissentinel/CVE-2021-36934", "creation_timestamp": "2021-07-29T20:38:38.000000Z"}, {"uuid": "7aaf3873-0974-4ba7-bb56-b57b43bab9ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1343", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation\nURL\uff1ahttps://github.com/HuskyHacks/ShadowSteal", "creation_timestamp": "2022-01-16T02:04:17.000000Z"}, {"uuid": "f4ce16cb-8307-4062-b2d5-30f54b34f8b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://t.me/CyberGovIL/1301", "content": "Com7910 | \u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05d1\u05d4\u05d2\u05e0\u05d4 
\u05e2\u05dc \u05e7\u05d1\u05e6\u05d9 \u05de\u05e2\u05e8\u05db\u05ea \u05e8\u05d2\u05d9\u05e9\u05d9\u05dd \u05e2\u05dc\u05d5\u05dc\u05d4 \u05dc\u05d0\u05e4\u05e9\u05e8 \u05d4\u05e2\u05dc\u05d0\u05ea \u05d4\u05e8\u05e9\u05d0\u05d5\u05ea \u05dc\u05e8\u05de\u05ea SYSTEM\n\n\u05dc\u05d0\u05d7\u05e8\u05d5\u05e0\u05d4 \u05e4\u05e8\u05e1\u05de\u05d4 \u05d7\u05d1\u05e8\u05ea \u05de\u05d9\u05e7\u05e8\u05d5\u05e1\u05d5\u05e4\u05d8 \u05d4\u05ea\u05e8\u05e2\u05d4 \u05d1\u05e0\u05d5\u05d2\u05e2 \u05dc\u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05d4\u05e7\u05d9\u05d9\u05de\u05ea \u05d1\u05de\u05e2\u05e8\u05db\u05d5\u05ea \u05d4\u05e4\u05e2\u05dc\u05d4 \u05de\u05ea\u05d5\u05e6\u05e8\u05ea\u05d4.\n\n\u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05e2\u05dc\u05d5\u05dc\u05d4 \u05dc\u05d0\u05e4\u05e9\u05e8 \u05dc\u05ea\u05d5\u05e7\u05e3 \u05d4\u05e2\u05dc\u05d0\u05ea \u05d4\u05e8\u05e9\u05d0\u05d5\u05ea \u05dc\u05e8\u05de\u05ea SYSTEM.\n\n\u05de\u05e7\u05d5\u05e8 \u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05d1\u05d4\u05e8\u05e9\u05d0\u05d5\u05ea \u05e8\u05d7\u05d1\u05d5\u05ea \u05de\u05d3\u05d9 \u05e9\u05e0\u05d9\u05ea\u05e0\u05d5 \u05dc\u05e7\u05d1\u05e6\u05d9\u05dd \u05e8\u05d2\u05d9\u05e9\u05d9\u05dd, \u05db\u05d5\u05dc\u05dc \u05d4\u05e7\u05d1\u05e6\u05d9\u05dd \u05d4\u05de\u05db\u05d9\u05dc\u05d9\u05dd \u05d0\u05ea \u05d4-Security Accounts Manager (SAM).\n\n\u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05e7\u05d9\u05d1\u05dc\u05d4 \u05d0\u05ea \u05d4\u05de\u05d6\u05d4\u05d4 CVE-2021-36934.\n\n\u05e0\u05d9\u05ea\u05df \u05dc\u05e0\u05e6\u05dc \u05d0\u05ea \u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05d0\u05dd \u05d4\u05ea\u05d5\u05e7\u05e3 \u05d9\u05db\u05d5\u05dc \u05dc\u05d4\u05e8\u05d9\u05e5 \u05e7\u05d5\u05d3 \u05e2\u05dc \u05d4\u05e2\u05de\u05d3\u05d4 \u05d4\u05de\u05d5\u05ea\u05e7\u05e4\u05ea.\n\n\u05d2\u05e8\u05e1\u05d0\u05d5\u05ea \u05e4\u05d2\u05d9\u05e2\u05d5\u05ea:\n\u05e0\u05db\u05d5\u05df \u05dc\u05ea\u05d0\u05e8\u05d9\u05da \u05d4\u05ea\u05e8\u05e2\u05d4 \u05d6\u05d5 
\u05d9\u05d3\u05d5\u05e2 \u05db\u05d9 \u05db\u05dc \u05de\u05e2\u05e8\u05db\u05d5\u05ea \u05d4\u05d4\u05e4\u05e2\u05dc\u05d4 \u05d4\u05d7\u05dc \u05de-Windows 10 version 1809 (\u05db\u05d5\u05dc\u05dc), \u05e4\u05d2\u05d9\u05e2\u05d5\u05ea.\n\n\u05d4\u05d7\u05d1\u05e8\u05d4 \u05e2\u05d3\u05d9\u05d9\u05df \u05d1\u05d5\u05d3\u05e7\u05ea \u05e4\u05d2\u05d9\u05e2\u05d5\u05ea\u05df \u05e9\u05dc \u05de\u05e2\u05e8\u05db\u05d5\u05ea \u05d4\u05e4\u05e2\u05dc\u05d4 \u05d9\u05e9\u05e0\u05d5\u05ea \u05d9\u05d5\u05ea\u05e8.\n\n\u05d3\u05e8\u05db\u05d9 \u05d4\u05ea\u05de\u05d5\u05d3\u05d3\u05d5\u05ea:\n\u05db\u05de\u05e2\u05e7\u05e3 \u05d1\u05dc\u05d1\u05d3, \u05e2\u05d3 \u05dc\u05e4\u05e8\u05e1\u05d5\u05dd \u05e2\u05d3\u05db\u05d5\u05df, \u05de\u05de\u05dc\u05d9\u05e6\u05d4 \u05d4\u05d7\u05d1\u05e8\u05d4 \u05dc\u05d4\u05d2\u05d1\u05d9\u05dc \u05d2\u05d9\u05e9\u05d4 \u05dc\u05ea\u05d5\u05db\u05df \u05e9\u05dc \u05d4\u05e1\u05e4\u05e8\u05d9\u05d4 %windir%\\system32\\config, \u05d1\u05d0\u05de\u05e6\u05e2\u05d5\u05ea \u05d4\u05e4\u05e7\u05d5\u05d3\u05d4:\n\nicacls %windir%\\system32\\config\\*.* /inheritance:e\n\n\u05d9\u05e9 \u05dc\u05d4\u05e8\u05d9\u05e5 \u05d0\u05ea \u05d4\u05e4\u05e7\u05d5\u05d3\u05d4 \u05ea\u05d7\u05ea \u05d4\u05e8\u05e9\u05d0\u05d5\u05ea \u05de\u05e0\u05d4\u05dc\u05df (Administrator).\n\n\u05d1\u05e0\u05d5\u05e1\u05e3, \u05d4\u05de\u05e2\u05e7\u05e3 \u05de\u05d7\u05d9\u05d9\u05d1 \u05de\u05d7\u05d9\u05e7\u05ea \u05d4-Volume Shadow Copy Service (VSS) shadow copies, \u05d1\u05d0\u05de\u05e6\u05e2\u05d5\u05ea \u05de\u05d7\u05d9\u05e7\u05d4 \u05e9\u05dc \u05db\u05dc \u05d4- System Restore points\u05d5\u05d4- Shadow volumes \u05e9\u05d4\u05d9\u05d5 \u05e7\u05d9\u05d9\u05de\u05d9\u05dd \u05d1\u05e2\u05de\u05d3\u05d4/\u05e9\u05e8\u05ea \u05d8\u05e8\u05dd \u05d4\u05d2\u05d1\u05dc\u05ea \u05d4\u05d2\u05d9\u05e9\u05d4 \u05dc\u05e1\u05e4\u05e8\u05d9\u05d4 \u05d4\u05e0\"\u05dc.\n\n\u05dc\u05d0\u05d7\u05e8 \u05d4\u05de\u05d7\u05d9\u05e7\u05d4 \u05e0\u05d9\u05ea\u05df 
\u05dc\u05d9\u05e6\u05d5\u05e8 System Restore point \u05d7\u05d3\u05e9.\n\n\u05e0\u05d3\u05e8\u05e9 \u05dc\u05d1\u05e6\u05e2 \u05d0\u05ea 2 \u05d4\u05e4\u05e2\u05d5\u05dc\u05d5\u05ea \u05e2\u05dc \u05de\u05e0\u05ea \u05e9\u05d4\u05d4\u05d2\u05e0\u05d4 \u05e9\u05dc \u05d4\u05de\u05e2\u05e7\u05e3 \u05de\u05e4\u05e0\u05d9 \u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05d6\u05d5 \u05ea\u05d4\u05d9\u05d4 \u05de\u05dc\u05d0\u05d4.\n\n\u05ea\u05e9\u05d5\u05de\u05ea \u05dc\u05d1 \u05db\u05d9 \u05e4\u05e2\u05d5\u05dc\u05ea \u05d4\u05de\u05d7\u05d9\u05e7\u05d4 \u05e2\u05dc\u05d5\u05dc\u05d4 \u05dc\u05e9\u05d1\u05e9 \u05e4\u05e2\u05d5\u05dc\u05d5\u05ea \u05e9\u05d7\u05d6\u05d5\u05e8, \u05db\u05d5\u05dc\u05dc \u05e9\u05d7\u05d6\u05d5\u05e8 \u05d1\u05d0\u05de\u05e6\u05e2\u05d5\u05ea \u05ea\u05d5\u05db\u05e0\u05d5\u05ea \u05e6\u05d3 \u05d2', \u05e2\u05d3 \u05dc\u05d9\u05e6\u05d9\u05e8\u05ea System Restore Point \u05e2\u05d3\u05db\u05e0\u05d9.\n\n\u05de\u05e7\u05d5\u05e8\u05d5\u05ea:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934", "creation_timestamp": "2021-07-21T14:22:34.000000Z"}, {"uuid": "433d1268-563c-4984-b317-99ebe71fe30c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/239", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aSeriousSAM Auto Exploiter\nURL\uff1ahttps://github.com/websecnl/CVE-2021-36934", "creation_timestamp": "2021-08-01T19:58:00.000000Z"}, {"uuid": "ab17e704-ea95-484d-b7cc-8233e6fd9c5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://t.me/pt_soft/243", "content": "\ud83d\uddbc\ufe0f Moriarty v1.1\n\n\u0427\u0435\u043a\u0435\u0440 CVEs 
\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 C# \u0434\u043b\u044f \u041e\u0421 \ud83c\udfe0 Windows\n\n\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438:\nWindows 10 (Versions: 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, 22H1, 22H2)\nWindows 11 (Versions: 21H2, 22H1, 22H2, 23H1)\nWindows Server 2016, 2019, 2022\n\n\u0421\u043f\u0438\u0441\u043e\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (35):\nMS10-015\nMS10-092\nMS13-053\nMS13-081\nMS14-058\nMS15-051\nMS15-078\nMS16-016\nMS16-032\nMS16-034\nMS16-135\nCVE-2017-7199\nCVE-2019-0836\nCVE-2019-0836\nCVE-2019-1064\nCVE-2019-1130\nCVE-2019-1253\nCVE-2019-1315\nCVE-2019-1385\nCVE-2019-1388\nCVE-2019-1405\nCVE-2020-0668\nCVE-2020-0683\nCVE-2020-0796\nCVE-2020-1013\nCVE-2020-1013\nCVE-2021-26855\nCVE-2021-26857\nCVE-2021-26858\nCVE-2021-27065\nCVE-2021-44228\nCVE-2021-36934\nCVE-2022-40140\nCVE-2022-22965\nCVE-2023-36664\n\n\ud83d\udc49 \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\n\n\u0422\u0430\u043a\u0436\u0435 \u0431\u043e\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0438\u0441\u043a \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432 \u043f\u043e CVE\n\n!poc CVE-2019-1064\n\n\ud83d\udcbb Home\n\n\u0414\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u043e\u043d\u0430\u0434\u043e\u0431\u0438\u0442\u0441\u044f Visual Studio \u0438 .NET Framework 4.8 Developer Pack\n\n#moriarty #checker #csharp\n\n\u2708\ufe0f // Pentest HaT \ud83c\udfa9", "creation_timestamp": "2024-03-15T08:58:02.000000Z"}, {"uuid": "e7fb6e79-2316-4f16-b452-e0f1bd4f0e00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "Telegram/e_NHlWYILInJ8zbDCKp7-kCjwOvHBXhrEoq4o-3KE0_WAd8", "content": "", "creation_timestamp": "2025-06-09T09:00:05.000000Z"}, {"uuid": "d5bf1054-3128-4781-95f0-cc561dd70634", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://t.me/devukraine/178", "content": "\u0423 Windows 10 \u0442\u0430 11 \u0437\u043d\u0430\u0439\u0448\u043b\u0438 0-day \u0443\u0440\u0430\u0437\u043b\u0438\u0432\u0456\u0441\u0442\u044c, \u0449\u043e \u0434\u043e\u0437\u0432\u043e\u043b\u044f\u0454 \u043f\u0456\u0434\u0432\u0438\u0449\u0438\u0442\u0438 \u043f\u0440\u0430\u0432\u0430 \u043a\u043e\u0440\u0438\u0441\u0442\u0443\u0432\u0430\u0447\u0430.\n\u041f\u0440\u043e\u0441\u0442\u0456\u0448\u0435 \u043a\u0430\u0436\u0443\u0447\u0438, \u0432 \u0447\u0435\u0440\u0433\u043e\u0432\u0438\u0439 \u0440\u0430\u0437 \u0431\u0443\u0434\u044c-\u044f\u043a\u0430 \u043b\u044e\u0434\u0438\u043d\u0430 \u0437 \u043f\u043e\u0442\u0440\u0456\u0431\u043d\u0438\u043c\u0438 \u0437\u043d\u0430\u043d\u043d\u044f\u043c\u0438 \u043c\u043e\u0436\u0435 \u043d\u0430\u0437\u0432\u0430\u0442\u0438\u0441\u044f \u0430\u0434\u043c\u0456\u043d\u0456\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u043c \u0442\u0430 \u043e\u0442\u0440\u0438\u043c\u0430\u0442\u0438 \u043f\u043e\u0432\u043d\u0438\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u043a\u043e\u043c\u043f'\u044e\u0442\u0435\u0440\u043e\u043c.\nJonas Lykkegaard \u043f\u043e\u0432\u0456\u0434\u043e\u043c\u0438\u0432 \u043f\u0440\u043e \u0437\u043d\u0430\u0439\u0434\u0435\u043d\u0443 \u043d\u0438\u043c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0432 \u0442\u0432\u0456\u0442\u0442\u0435\u0440\u0456 \u0442\u0430 \u0437\u0430\u0440\u0430\u0437 Microsoft 
\u0432\u0456\u0434\u0441\u0442\u0435\u0436\u0443\u0454 \u0457\u0457 \u043f\u0456\u0434 \u043d\u043e\u043c\u0435\u0440\u043e\u043c CVE-2021-36934. \u041d\u0430\u0440\u0430\u0437\u0456  \u043e\u0444\u0456\u0446\u0456\u0439\u043d\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0430 \u043d\u0435 \u0431\u0443\u043b\u043e \u0432\u0438\u043f\u0443\u0449\u0435\u043d\u043e\u0457.\n\u0421\u0430\u0439\u0442 BeepingComputer \u043f\u0440\u043e\u043f\u043e\u043d\u0443\u0454 \u0442\u0438\u043c\u0447\u0430\u0441\u043e\u0432\u0435 \u0432\u0438\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044f \u043f\u043e\u043a\u0438 \u043e\u0447\u0456\u043a\u0443\u0454\u0442\u044c\u0441\u044f \u043f\u0430\u0442\u0447 \u0432\u0456\u0434 Microsoft.", "creation_timestamp": "2021-07-21T12:05:02.000000Z"}, {"uuid": "0f04b971-4cad-4211-969a-de04e5952ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/pt_soft/270", "content": "\ud83d\uddbc\ufe0f \ud83d\udd04 Moriarty v1.2\n\n\u0427\u0435\u043a\u0435\u0440 CVEs \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 C# \u0434\u043b\u044f \u041e\u0421 \ud83c\udfe0 Windows\n\n\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438:\nWindows 10 (Versions: 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, 22H1, 22H2)\nWindows 11 (Versions: 21H2, 22H1, 22H2, 23H1)\nWindows Server 2016, 2019, 2022\n\n\u0421\u043f\u0438\u0441\u043e\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 
(35):\nMS10-015\nMS10-092\nMS13-053\nMS13-081\nMS14-058\nMS15-051\nMS15-078\nMS16-016\nMS16-032\nMS16-034\nMS16-135\nCVE-2017-7199\nCVE-2019-0836\nCVE-2019-0836\nCVE-2019-1064\nCVE-2019-1130\nCVE-2019-1253\nCVE-2019-1315\nCVE-2019-1385\nCVE-2019-1388\nCVE-2019-1405\nCVE-2020-0668\nCVE-2020-0683\nCVE-2020-0796\nCVE-2020-1013\nCVE-2020-1013\nCVE-2021-26855\nCVE-2021-26857\nCVE-2021-26858\nCVE-2021-27065\nCVE-2021-44228\nCVE-2021-36934\nCVE-2022-40140\nCVE-2022-22965\nCVE-2023-36664\n\n1.2 added:\n2023-23397\n2022-34718\n\n\ud83d\udc49 \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\n\n\u0422\u0430\u043a\u0436\u0435 \u0431\u043e\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0438\u0441\u043a \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432 \u043f\u043e CVE\n\n!poc CVE-2019-1064\n\n\ud83d\udcbb Home\n\n\u0414\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u043e\u043d\u0430\u0434\u043e\u0431\u0438\u0442\u0441\u044f Visual Studio \u0438 .NET Framework 4.8 Developer Pack\n\n#moriarty #checker #csharp\n\n\u2708\ufe0f // Pentest HaT \ud83c\udfa9", "creation_timestamp": "2024-05-03T09:04:40.000000Z"}, {"uuid": "83d811e9-ba70-4f2e-bc4a-ce3d9fcdf089", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/is_n3ws/45", "content": "WINDOWS LPE \"HiveNightmare\" or \"SeriousSAM\"\nCVE-2021-36934\nThe problem is aggravated by the fact the 'shadow copy' of the system drive where these files can be found is created when someone performs a Windows Update if that drive is larger than 128GB (!). 
So, even if your version of Windows 10 wasn't initially impacted, it could be after updating.\n\n1) Check permissions:\nicacls.exe C:\\Windows\\System32\\config\\SAM\n\n2) Check shadow copies, restore points\n[System.IO.File]::Exists('\\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy1\\Windows\\System32\\config\\SAM')\n[System.IO.File]::Exists('\\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy2\\Windows\\System32\\config\\SAM')\n[System.IO.File]::Exists('\\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy3\\Windows\\System32\\config\\SAM')\n... and so on\n\n3) Copy SAM and SYSTEM files from shadow copy:\n[System.IO.File]::Copy('\\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy1\\Windows\\System32\\config\\SAM', 'C:\\Temp\\SAM')\n[System.IO.File]::Copy('\\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy1\\Windows\\System32\\config\\SYSTEM', 'C:\\Temp\\SYSTEM')", "creation_timestamp": "2021-07-21T15:18:22.000000Z"}, {"uuid": "81c6da53-7a84-4c16-900a-d7342abff1b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3693", "type": "seen", "source": "https://t.me/arpsyndicate/2043", "content": "#ExploitObserverAlert\n\nCVE-2021-3693\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-3693. LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. 
By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.\n\nFIRST-EPSS: 0.018710000\nNVD-IS: 6.0\nNVD-ES: 2.8", "creation_timestamp": "2023-12-20T15:42:43.000000Z"}, {"uuid": "8de4b9b9-950a-4a26-acbe-5e610dc1fa1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://t.me/arpsyndicate/1207", "content": "#ExploitObserverAlert\n\nCVE-2021-36934\n\nDESCRIPTION: Exploit Observer has 105 entries related to CVE-2021-36934. Windows Elevation of Privilege Vulnerability\n\nFIRST-EPSS: 0.000870000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-04T12:42:12.000000Z"}, {"uuid": "789b8c4b-9547-4ff2-a861-e71e7afb1523", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://t.me/arpsyndicate/865", "content": "#ExploitObserverAlert\n\nCVE-2021-36934\n\nDESCRIPTION: Exploit Observer has 105 entries related to CVE-2021-36934. 
Windows Elevation of Privilege Vulnerability\n\nFIRST-EPSS: 0.000870000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-02T00:32:50.000000Z"}, {"uuid": "62f2bfcd-ee9b-47ab-bae6-171622cb5043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "Telegram/WHiW20ApMXZ6BNOO7aAQifpQOu6FZHwCyZuwN2MThusKzg", "content": "", "creation_timestamp": "2021-07-26T17:02:12.000000Z"}, {"uuid": "ed5431c5-9e5d-4cc4-92ad-0f1747ad0e69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://t.me/arpsyndicate/197", "content": "#ExploitObserverAlert\n\nCVE-2021-36934\n\nDESCRIPTION: Exploit Observer has 100 entries related to CVE-2021-36934. Windows Elevation of Privilege Vulnerability\n\nFIRST-EPSS: 0.000870000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-17T04:16:49.000000Z"}, {"uuid": "31b4018b-0a65-495d-9287-554d4abf04e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/186", "content": "Latest Vulnerabilities and Exploits\n\nCVE-2021-3449 OpenSSL denial-of-service exploit\nhttps://github.com/terorie/cve-2021-3449\n\nProxyToken\nhttps://github.com/bhdresh/CVE-2021-33766-ProxyToken\n\nCVES Xstream-1.4.17\nhttps://github.com/zwjjustdoit/Xstream-1.4.17\n\nCVE-2021-36934/HiveNightmare/SeriousSAM\nhttps://github.com/cube0x0/CVE-2021-36934\n\nHow to exploit a vulnerable windows driver Exploit for AsrDrv104 sys\nhttps://github.com/stong/CVE-2020-15368\n\nCVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel\nhttps://github.com/0vercl0k/CVE-2021-32537\n\nCVE-2021-28476 a 
guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch sys\nhttps://github.com/0vercl0k/CVE-2021-28476\n\nCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit\nhttps://github.com/klezVirus/CVE-2021-40444\n\nExploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\nhttps://github.com/lhashashinl/CVE-2021-37152\n\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\nhttps://github.com/horizon3ai/CVE-2021-38647\n\nProof of Concept Exploit for vCenter CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\nProof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893\nhttps://github.com/ZephrFish/CVE-2021-22893\n\nCVE-2021-33766 (ProxyToken)\nhttps://github.com/demossl/CVE-2021-33766-ProxyToken\n\nCVE-2021-2456\nhttps://github.com/peterjson31337/CVE-2021-2456\n\nCVE-2021-38647 POC for RCE\nhttps://github.com/midoxnet/CVE-2021-38647\n\nCVE-2021-26084 (PoC) | Confluence Server Webwork OGNL injection\nhttps://github.com/alt3kx/CVE-2021-26084_PoC\nhttps://github.com/r0ckysec/CVE-2021-26084_Confluence\nhttps://github.com/march0s1as/CVE-2021-26084\n\n\nCVE-2021-21551 Dell Driver EoP\nhttps://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551\n\nA basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)\nhttps://github.com/lntrx/CVE-2021-28663\n\nCVE-2021-40353 openSIS 8.0 SQL Injection\nhttps://github.com/5qu1n7/CVE-2021-40353\n\nCVE-2021-28476 Ubuntu 20.04\nhttps://github.com/sh4m2hwz/CVE-2021-28476-tools-env\n\nmy exp for chrome V8 CVE-2021-30551\nhttps://github.com/xmzyshypnc/CVE-2021-30551\n\nPOC of CVE-2021-2394\nhttps://github.com/lz2y/CVE-2021-2394\n\nWordPress Backup Guard Authenticated Remote Code Execution Exploit\nhttps://github.com/0dayNinja/CVE-2021-24155.rb\n\nExploit code for CVE-2021-33909,Just a dump of removed\nhttps://github.com/bbinfosec43/CVE-2021-33909", "creation_timestamp": "2021-09-18T23:06:09.000000Z"}, {"uuid": 
"be92e9d4-4cd9-422d-996d-0d20366c6f51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://t.me/arpsyndicate/56", "content": "#ExploitObserverAlert\n\nCVE-2021-36934\n\nDESCRIPTION: Exploit Observer has 100 entries related to CVE-2021-36934. Windows Elevation of Privilege Vulnerability\n\nFIRST-EPSS: 0.000870000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-10T21:22:26.000000Z"},
{"uuid": "b5608479-6047-4abe-b381-6ea7b21bea20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "Telegram/wHakPuUc8uo4HVHNEvHyeJkjvrNOaId4E2Z8Zq2TcNfY2g", "content": "", "creation_timestamp": "2021-07-22T16:26:20.000000Z"},
{"uuid": "8cd33be3-66ae-470a-9803-0a6186a02959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/788", "content": "CVE-2021-36934 Windows privilege escalation vulnerability\nhttps://www.pwnwiki.org/index.php?title=CVE-2021-36934_Windows%E6%AC%8A%E9%99%90%E6%8F%90%E5%8D%87%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T04:42:03.000000Z"},
{"uuid": "3e2382d8-ef35-43af-a80d-bde74728720a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://t.me/true_secator/1934", "content": "Microsoft has rolled out a workaround for the CVE-2021-36934 bug, known as SeriousSAM, which affects all versions of Windows 10 released over the past 2.5 years.\n\nThe vulnerability became known last week when, while testing Windows 11, researcher Jonas Lyk noticed that the sensitive SAM, SECURITY and SYSTEM configuration files were accessible in backups created by Shadow Volume Copy.\n\nThe bug affects the Security Account Manager database in all versions of Windows 10, starting with v 1809. Access to the Security Account Manager configuration file lets attackers steal hashed passwords, crack the hashes offline and take over accounts. Other configuration files stored in the SYSTEM and SECURITY folders can also contain critical data, including DPAPI encryption keys and the machine account details used to join computers to Active Directory. As a result, the vulnerability can allow a local attacker to run their own code with system privileges. \n\nDespite all the seriousness, Microsoft was sceptical about the CVE, noting that an attacker must first gain the ability to execute code on the target system in order to exploit this vulnerability. \n\nNevertheless, to contain the threat they suggest restricting access to the contents of %windir%\\system32\\config and deleting all system restore points and shadow volumes that existed before the access restriction was introduced.", "creation_timestamp": "2021-07-22T14:21:30.000000Z"},
{"uuid": "df66c9c2-7d29-4a7b-8e70-411b05b22575", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36936", "type": "seen", "source": "https://t.me/true_secator/1993", "content": "\"The Empire Strikes Back\" is what we will call Microsoft's arguably epic patch, which fixes a total of 44 CVEs, of which 7 are critical, 3 are zero-days, 37 are important, 13 are remote code execution vulnerabilities, 8 concern information disclosure, and above all it contains what are supposed to be fixes for PrintNightmare and PetitPotam.\n\nIn all, bugs were fixed in NET Core, Visual Studio, ASP.NET Core, Azure, Windows Update, the Windows Print Spooler, Windows Media, Windows Defender, Remote Desktop Client, Microsoft Dynamics, Microsoft Edge, Microsoft Office, Microsoft Office SharePoint and others.\n\nThe fixed zero-day bugs are:\n \u2022 CVE-2021-36948: an elevation of privilege vulnerability in Windows Update Medic;\n \u2022 CVE-2021-36942: a Windows LSA spoofing vulnerability;\n \u2022 CVE-2021-36936: Windows Print Spooler vulnerabilities.\n\nOf these, according to Microsoft, only CVE-2021-36948 was exploited in the wild, though history is silent on by whom and how. We believe that November 2020's CVE-2020-17070 may be behind it, and the swap may be a kind of trick for attackers.\n\nIn practice, among the others, attention should be paid to CVE-2021-26424, which directly concerns Windows TCP/IP Remote Code Execution in the very popular Windows 7\u201310 and Windows Server 2008\u20132019. The bug is very likely to be used by attackers because of its relative triviality, like, for example, CVE-2020-16898, which was exploited far and wide last year.\n\nA similar remark applies to CVE-2021-26432, which is a patch for the Windows Services NFS ONCRPC XDR driver; exploiting the bug requires neither privileges nor user interaction.\n\nThe NETSH filters can be dropped as a countermeasure against PetitPotam attacks: the patch really does neutralise this attack vector by blocking calls to the vulnerable OpenEncryptedFileRawA and OpenEncryptedFileRawW APIs through the LSARPC interface. But at the same time it also blocks backup software that uses the EFS API function OpenEncryptedFileRaw (A / W) on Windows 7 and Windows Server 2008, for which a new version of the relevant software will have to be obtained from the developer. All for the customers, as they say.\n\nThe PrintNightmare vulnerability has also been fixed by requiring administrator rights by default for a user to install a printer driver using the Point and Print feature.\n\nAll well and good, but!\n\nUnfortunately, soon after Microsoft released the security update, the well-known researcher \nBenjamin Delpy fired off that his PoC print driver package still works: Still SYSTEM from standard user\u2026\n\nIt looks like the \"empire's\" return strike ricocheted back a little. Ah, and we had such hopes.", "creation_timestamp": "2021-08-11T18:46:50.000000Z"},
{"uuid": "250c3bb5-40b6-4a2a-9f89-00c220f5696f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36930", "type": "seen", "source": "https://t.me/cibsecurity/28252", "content": "\u203c CVE-2021-36930 \u203c\n\nMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-03T02:36:30.000000Z"},
{"uuid": "aefeedef-5dd9-4c5a-8ce0-02b651ea8b69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36938", "type": "seen", "source": "https://t.me/cibsecurity/27250", "content": "\u203c CVE-2021-36938 \u203c\n\nWindows Cryptographic Primitives Library Information Disclosure Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T22:39:55.000000Z"},
{"uuid": "32c29c3b-1963-451f-9e0b-069fa7ce64e8", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36931", "type": "seen", "source": "https://t.me/cibsecurity/27913", "content": "\u203c CVE-2021-36928 \u203c\n\nMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36931.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-26T22:27:34.000000Z"}, {"uuid": "a1dc783d-a91c-4b8a-9869-ae7ad035d96e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "seen", "source": "https://t.me/thehackernews/1386", "content": "New Windows and Linux Flaws Give Attackers Highest System Privileges (SYSTEM / root):\n\n1 \u2014 Microsoft has tagged this new vulnerability CVE-2021-36934, marking it as the 3rd publicly disclosed unpatched Windows bug this month.\n\n2 \u2014 Dubbed \"Sequoia,\" the Linux flaw (CVE-2021-33909) affects all kernel versions from 2014, including default installations of Ubuntu, Debian, Fedora and RHEL.\n\nhttps://thehackernews.com/2021/07/new-windows-and-linux-flaws-give.html", "creation_timestamp": "2021-07-21T08:58:01.000000Z"}, {"uuid": "54154fe1-3f79-4dae-b8b9-407b0716be24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3891", "content": "#Offensive_security\nPure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM Local Privilege Escalation\nhttps://github.com/HuskyHacks/ShadowSteal\n]-> PoC:\nhttps://github.com/cube0x0/CVE-2021-36934", "creation_timestamp": "2021-07-28T08:28:03.000000Z"}, {"uuid": "6fa27e80-20fa-4678-b135-f5133b1df950", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4016", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (July 1-31)\nCVE-2021-1675 - Windows Print Spooler EoP\nhttps://t.me/cybersecuritytechnologies/3723\nCVE-2021-34527 - Windows Print Spooler RCE\nhttps://t.me/cybersecuritytechnologies/3750\nCVE-2021-36934 - Windows SeriousSAM EoP\nhttps://t.me/cybersecuritytechnologies/3891\nCVE-2021-33909 - Sequoia - A LPE Vulnerability in Linux\u2019s Filesystem Layer\nhttps://t.me/cybersecuritytechnologies/3884\nCVE-2021-22555 - Heap out-of-bounds write vuln in Linux Netfilter\nhttps://t.me/cybersecuritytechnologies/3841\nCVE-2021-30807 - OOBR in AppleCLCD/IOMobileFrameBuffer\nhttps://t.me/cybersecuritytechnologies/3930\nCVE-2020-27020 - Vulnerability in Kaspersky Password Manager\nhttps://donjon.ledger.com/kaspersky-password-manager\nCVE-2021-35211 - SolarWinds Serv-U Managed File Transfer Vuln\nhttps://t.me/CyberSecurityTechnologies/4714\nCVE-2021-34481 - Windows Print Spooler EoP\nhttps://mobile.twitter.com/gentilkiwi/status/1416429860566847490\nCVE-2021-3438 - Printer\u2019s Drivers Vulnerability\nhttps://t.me/cybersecuritytechnologies/3969", "creation_timestamp": "2024-01-18T03:22:33.000000Z"}, {"uuid": "f7aa1434-25cd-4d41-9dda-7a8ac9ee0865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4205", "content": "#Whitepaper\n\"HiveNightmare aka SeriousSAM\", 2021.\n// It details an overview of CVE-2021-36934 and provides exploitation details", "creation_timestamp": "2021-09-02T11:05:07.000000Z"}, {"uuid": "984cd438-49c1-47f8-aebe-0019be254a7b", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/cyber0iq/19", "content": "Latest Vulnerabilities and Exploits\n\nCVE-2021-3449 OpenSSL denial-of-service exploit\nhttps://github.com/terorie/cve-2021-3449\n\nProxyToken\nhttps://github.com/bhdresh/CVE-2021-33766-ProxyToken\n\nCVES Xstream-1.4.17\nhttps://github.com/zwjjustdoit/Xstream-1.4.17\n\nCVE-2021-36934/HiveNightmare/SeriousSAM\nhttps://github.com/cube0x0/CVE-2021-36934\n\nHow to exploit a vulnerable windows driver Exploit for AsrDrv104 sys\nhttps://github.com/stong/CVE-2020-15368\n\nCVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel\nhttps://github.com/0vercl0k/CVE-2021-32537\n\nCVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch sys\nhttps://github.com/0vercl0k/CVE-2021-28476\n\nCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit\nhttps://github.com/klezVirus/CVE-2021-40444\n\nExploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\nhttps://github.com/lhashashinl/CVE-2021-37152\n\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\nhttps://github.com/horizon3ai/CVE-2021-38647\n\nProof of Concept Exploit for vCenter CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\nProof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893\nhttps://github.com/ZephrFish/CVE-2021-22893\n\nCVE-2021-33766 (ProxyToken)\nhttps://github.com/demossl/CVE-2021-33766-ProxyToken\n\nCVE-2021-2456\nhttps://github.com/peterjson31337/CVE-2021-2456\n\nCVE-2021-38647 POC for RCE\nhttps://github.com/midoxnet/CVE-2021-38647\n\nCVE-2021-26084 (PoC) | Confluence Server Webwork OGNL 
injection\nhttps://github.com/alt3kx/CVE-2021-26084_PoC\nhttps://github.com/r0ckysec/CVE-2021-26084_Confluence\nhttps://github.com/march0s1as/CVE-2021-26084\n\n\nCVE-2021-21551 Dell Driver EoP\nhttps://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551\n\nA basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)\nhttps://github.com/lntrx/CVE-2021-28663\n\nCVE-2021-40353 openSIS 8.0 SQL Injection\nhttps://github.com/5qu1n7/CVE-2021-40353\n\nCVE-2021-28476 Ubuntu 20.04\nhttps://github.com/sh4m2hwz/CVE-2021-28476-tools-env\n\nmy exp for chrome V8 CVE-2021-30551\nhttps://github.com/xmzyshypnc/CVE-2021-30551\n\nPOC of CVE-2021-2394\nhttps://github.com/lz2y/CVE-2021-2394\n\nWordPress Backup Guard Authenticated Remote Code Execution Exploit\nhttps://github.com/0dayNinja/CVE-2021-24155.rb\n\nExploit code for CVE-2021-33909,Just a dump of removed\nhttps://github.com/bbinfosec43/CVE-2021-33909", "creation_timestamp": "2021-09-25T02:15:23.000000Z"}, {"uuid": "d113c224-e490-49e9-afe9-e81d8a96db3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36934", "type": "published-proof-of-concept", "source": "https://t.me/cyber0iq/18", "content": "Latest Vulnerabilities and Exploits\n\nCVE-2021-3449 OpenSSL denial-of-service exploit\nhttps://github.com/terorie/cve-2021-3449\n\nProxyToken\nhttps://github.com/bhdresh/CVE-2021-33766-ProxyToken\n\nCVES Xstream-1.4.17\nhttps://github.com/zwjjustdoit/Xstream-1.4.17\n\nCVE-2021-36934/HiveNightmare/SeriousSAM\nhttps://github.com/cube0x0/CVE-2021-36934\n\nHow to exploit a vulnerable windows driver Exploit for AsrDrv104 sys\nhttps://github.com/stong/CVE-2020-15368\n\nCVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel\nhttps://github.com/0vercl0k/CVE-2021-32537\n\nCVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch 
sys\nhttps://github.com/0vercl0k/CVE-2021-28476\n\nCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit\nhttps://github.com/klezVirus/CVE-2021-40444\n\nExploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\nhttps://github.com/lhashashinl/CVE-2021-37152\n\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\nhttps://github.com/horizon3ai/CVE-2021-38647\n\nProof of Concept Exploit for vCenter CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\nProof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893\nhttps://github.com/ZephrFish/CVE-2021-22893\n\nCVE-2021-33766 (ProxyToken)\nhttps://github.com/demossl/CVE-2021-33766-ProxyToken\n\nCVE-2021-2456\nhttps://github.com/peterjson31337/CVE-2021-2456\n\nCVE-2021-38647 POC for RCE\nhttps://github.com/midoxnet/CVE-2021-38647\n\nCVE-2021-26084 (PoC) | Confluence Server Webwork OGNL injection\nhttps://github.com/alt3kx/CVE-2021-26084_PoC\nhttps://github.com/r0ckysec/CVE-2021-26084_Confluence\nhttps://github.com/march0s1as/CVE-2021-26084\n\n\nCVE-2021-21551 Dell Driver EoP\nhttps://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551\n\nA basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)\nhttps://github.com/lntrx/CVE-2021-28663\n\nCVE-2021-40353 openSIS 8.0 SQL Injection\nhttps://github.com/5qu1n7/CVE-2021-40353\n\nCVE-2021-28476 Ubuntu 20.04\nhttps://github.com/sh4m2hwz/CVE-2021-28476-tools-env\n\nmy exp for chrome V8 CVE-2021-30551\nhttps://github.com/xmzyshypnc/CVE-2021-30551\n\nPOC of CVE-2021-2394\nhttps://github.com/lz2y/CVE-2021-2394\n\nWordPress Backup Guard Authenticated Remote Code Execution Exploit\nhttps://github.com/0dayNinja/CVE-2021-24155.rb\n\nExploit code for CVE-2021-33909,Just a dump of removed\nhttps://github.com/bbinfosec43/CVE-2021-33909", "creation_timestamp": "2021-09-25T02:14:31.000000Z"}]}