{"vulnerability": "CVE-2023-28229", "sightings": [{"uuid": "6cbb407a-b5ca-4947-8843-2369d5492d3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-10-04T18:10:02.000000Z"}, {"uuid": "1270628c-1629-4185-9a57-544af2712762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971895", "content": "", "creation_timestamp": "2024-12-24T20:35:21.761224Z"}, {"uuid": "2dfdc9a3-cec9-4ed7-8fa2-604e95b836c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-28229", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/5b549e4e-a327-4519-b117-70c5c2df9b88", "content": "", "creation_timestamp": "2026-02-02T12:26:49.353924Z"}, {"uuid": "865e84e9-f366-4135-bcaa-b1a9a4ec0ce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:47.000000Z"}, {"uuid": "9219aba4-12e1-42ba-9743-8de7008e1ee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1270", "content": "https://github.com/Y3A/CVE-2023-28229\n#github", "creation_timestamp": "2023-10-13T05:10:10.000000Z"}, {"uuid": "1e7586db-663c-400d-ba27-11d54a682564", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "published-proof-of-concept", "source": "Telegram/rHnKW8vRtqy60QWa3MSfn1VkHvdSHD70BkeJGq_U2qcpQ9E", "content": "", "creation_timestamp": "2023-09-19T15:32:10.000000Z"}, {"uuid": "57f9d3b4-5899-4881-a28a-cd8cc9a84bec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "exploited", "source": "https://t.me/thehackernews/3967", "content": "\ud83d\udea8 Alert: CISA flags active exploits. Two recent vulnerabilities come under the scanner: \n \n\u2014 CVE-2023-42793: TeamCity Auth Bypass \n\u2014 CVE-2023-28229: Win CNG Flaw \n \nRead details here: https://thehackernews.com/2023/10/cisa-warns-of-active-exploitation-of.html \n \nAct fast, secure your networks\u2014patch by Oct 25!", "creation_timestamp": "2023-10-05T11:35:50.000000Z"}, {"uuid": "7f7af2cf-492b-4f2b-8878-3dd43f285c94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1004", "content": "https://github.com/Y3A/CVE-2023-28229\n#github #\u63d0\u6743", "creation_timestamp": "2023-09-04T17:10:23.000000Z"}, {"uuid": "7ea6eae0-79ff-4ea3-afb4-c0b8d7982b81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/202", "content": "\ud83d\udc7b Ghost in the PPL Part 2: From BYOVDLL to Arbitrary Code Execution in LSASS\n\nIn this second installment, the author deepens the exploration of techniques for bypassing LSASS protection, focusing on arbitrary code execution by refining the PoC, exploiting vulnerabilities like CVE-2023-28229, and bypassing Control Flow Guard (CFG) through RPC-based process handle duplication.\n\n\ud83d\udd17 Source:\nhttps://itm4n.github.io/ghost-in-the-ppl-part-2/\n\n#lsa #lsass #ppl #dll #maldev", "creation_timestamp": "2024-08-22T18:04:01.000000Z"}, {"uuid": "79e9cd2c-8666-4711-b8d8-b59df3695faa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3157", "content": "CVE-2023-28229 - Windows CNG KeyIso RPC EoP/SBX\n\nhttps://github.com/Y3A/CVE-2023-28229", "creation_timestamp": "2023-10-02T14:57:46.000000Z"}, {"uuid": "6d5be836-9421-47b3-b1ea-119f83028287", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3056", "content": "CVE-2023-28229\n\nService Elevation of Privilege Vulnerability in Windows CNG Key Isolation\n\nhttps://github.com/Y3A/CVE-2023-28229\n\nReference: https://whereisk0shl.top/post/isolate-me-from-sandbox-explore-elevation-of-privilege-of-cng-key-isolation", "creation_timestamp": "2023-09-06T19:13:17.000000Z"}, {"uuid": "bee14cfc-6093-43d5-a0d6-06d5b1bdef3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3427", "content": "https://github.com/Y3A/CVE-2023-28229", "creation_timestamp": "2023-10-13T05:12:38.000000Z"}, {"uuid": "c63715ca-9520-4edd-80ad-d855c5176d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3182", "content": "Hackers Factory \n\nTrack down GitHub users.\n\nhttps://github.com/mxrch/GitFive\n\nHere it is, the VMware newest exploit\n\nhttps://github.com/Cyb3rEnthusiast/CVE-2023-34039\n\nA shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption\n\nhttps://github.com/trevorsaudi/Mshikaki\n\nan exploit of Server-side request forgery (SSRF)\n\nhttps://github.com/errorfiathck/ssrf-exploit\n\nUnauthenticated-RCE-FUXA-CVE-2023-33831\n\nhttps://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831\n\nCVE-2023-28229\n\nhttps://github.com/Y3A/CVE-2023-28229\n\nIntroductory guide on the configuration and subsequent exploitation of Active Directory Certificate Services with Certipy. Based on the white paper Certified Pre-Owned.\n\nhttps://github.com/arth0sz/Practice-AD-CS-Domain-Escalation\n\nEternalHush - new free advanced open-source c2 framework\n\nhttps://github.com/APT64/EternalHushFramework\n\nPerforms OSINT scan on email/domain/ip_address/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep information about their target. \n\nhttps://github.com/SharadKumar97/OSINT-SPY\n\nGitHub - wvanderp/awesome-dutch-osint\n\nhttps://github.com/wvanderp/awesome-dutch-osint\n\n#infosec #cybersecurity #hackersfactory \n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-09-07T08:00:59.000000Z"}, {"uuid": "44abe608-544c-42a7-ba09-5195e6a8c52f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9190", "content": "#exploit\n1. CVE-2023-28229:\nWindows CNG KeyIso RPC EoP/SBX\nhttps://github.com/Y3A/CVE-2023-28229\n\n2. Polygon Smart Contract Bug\nhttps://blog.chain.link/smart-contract-bug-hunting\n\n3. CVE-2023-36723:\nPoC for arbitrary directory creation bug in Container Manager service\nhttps://github.com/Wh04m1001/CVE-2023-36723", "creation_timestamp": "2023-10-13T10:59:01.000000Z"}, {"uuid": "ec9b3707-50b1-4958-8bc2-ce3c3c33d803", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/5546", "content": "CVE-2023-28229 - Windows CNG KeyIso RPC EoP/SBX\n\nGithub\n\n#redteam #CVE \n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-10-01T13:13:53.000000Z"}, {"uuid": "632747b3-2ae9-440e-8b73-ead6d25240b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28229", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1347", "content": "#exploit\n1. CVE-2023-28229:\nWindows CNG KeyIso RPC EoP/SBX\nhttps://github.com/Y3A/CVE-2023-28229\n\n2. Polygon Smart Contract Bug\nhttps://blog.chain.link/smart-contract-bug-hunting\n\n3. CVE-2023-36723:\nPoC for arbitrary directory creation bug in Container Manager service\nhttps://github.com/Wh04m1001/CVE-2023-36723", "creation_timestamp": "2024-08-16T08:33:55.000000Z"}]}