@epakskape Apparently CreateRemoteThread is now covered by CFG?
When I do CreateRemoteThread(..., 0x41414141, ....) in cmd.exe [10.0.16299.19], I no longer get STATUS_ACCESS_VIOLATION, but STATUS_STACK_BUFFER_OVERRUN instead.
I was just curious what real-life attack this would mitigate, as I could not think of anything that does not involve a catch-22 of having to execute code to execute code... except perhaps sandbox escapes? Anyway, thanks for confirming!
-
AFAIK this is abused in Kovter instead of regular process hollowing