WHEREISK0SHL

A trick, the story of CVE-2024-26230

Author: k0shl of Cyber KunlunSummary

In April 2024, Microsoft patched a use-after-free vulnerability in the telephony service, which I reported and assigned to CVE-2024-26230. I have already complete......

2024-04-10 阅读次数 6777 5 Comments

Isolate me from sandbox - Explore elevation of privilege of CNG Key Isolation

Author: k0shl of Cyber KunlunSummary

In recently months, Microsoft patched vulnerabilities I reported in CNG Key Isolation service, assigned CVE-2023-28229 and CVE-2023-36906, the CVE-2023-28229 incl......

2023-09-01 阅读次数 10087 8 Comments

Break me out of sandbox in old pipe - CVE-2022-22715 Windows Dirty Pipe

Author: k0shl of Cyber Kunlun

In February 2022, Microsoft patched the vulnerability I used in TianfuCup 2021 for escaping Adobe Reader sandbox, assigned CVE-2022-22715. The vulnerability existed in N......

2022-08-25 阅读次数 27678 4 Comments