LoreonLabsPlatform

Overview

Intelligence

Markets
Builders
Research
Narratives
Ecosystems
Launchpads

Discover

Search
Sources

C

BlueHammerFix

Analysis and detection engineering for the BlueHammer Windows Defender local privilege escalation vulnerability. This repo includes bug fixes, 7 Sigma rules, 4 YARA rules, and MITRE ATT&CK-mapped technical report

CEmerging

Stars

92

Forks

39

Contributors

2

Last push

2mo ago

Recent commits

Latest commits.

Revise stages 5-7 status in README
c1f7fb4Andrew Herd2mo ago
Merge pull request #1 from 0xflagplz/main
a98790eAndrew Herd2mo ago
Arguments
11a518eEd2mo ago
Updated README with latest development and added new rule that catches the operational intent: someone changed a password specifically to spawn a process as that user, which is the behavior that matters regardless of how they got the hash
2a42dd6andrew2mo ago
Fixed bug issue on g_ShellBinary variable
9c7db24andrew

2mo ago

Fixed memory leaks

f5c639eandrew2mo ago

Created new switch, --shell will spawn a cmd.exe for all ( every user in SAM + SYSTEM )

d1f5d2eandrew2mo ago

Red Team analysis, 9 bug fixes, Sigma/YARA detection rules, and lab validation documentation

3162be2andrew2mo ago

Top contributors

Builders behind this project.