The Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
PoC: CVE-2024-49138-POC
POC exploit for CVE-2024-49138
PoC: soc-investigation-powershell-edrfreeze
SOC investigation of CVE-2024-49138 exploitation alert involving PowerShell, EDRFreeze execution, and defense evasion behavior in a simulated environment.
PoC: SOC335-Event-ID-313-CVE-2024-49138-Exploitation-Detected--Lest-Defend-Writeup
In this lab I walked through an end-to-end intrusion that began with an external RDP break-in, used a brand-new CLFS privilege-escalation exploit (CVE-2024-49138), and ended with SYSTEM-level cloud credential harvesting. Below is the story, the evidence, and the lessons I drew from it.
PoC: DLang-file-encryptor
This is my biggest project yet: a DLang file encryptor that escalates privileges using CVE-2024-49138 and disables Windows Defender.
PoC: letsdefend-cve-2024-49138-investigation
Hands-on SOC investigation of CVE-2024-49138 using LetsDefend, VirusTotal, Hybrid Analysis, TrueFort, and ChatGPT.