Our exploit team (
@hugeh0ge
,
@_N4NU_
) has succeeded at
#SMBGhost
pre-auth "remote" code execution.
While SMBGhost has gathered attention due to the potential for RCE, as far as we know, nobody has published a PoC of RCE to date!!
A detailed report will be released later.😉
It's here! Details on how we achieved
#SMBGhost
RCE are available. Enjoy!
"I'll ask your body": SMBGhost pre-auth RCE abusing Direct Memory Access structs by (
@hugeh0ge
)
I just published the presentation "Introduction to Fuzzing" which was used in my previous training.
Now we're preparing a new comprehensive course "Automated Penetration Testing". Stay tune😉