[global2141]

A recently discovered vulnerability, CVE-2024-0311 (also known as SB10418), allows a malicious insider to bypass the existing policies of the Skyhigh Client Proxy without requiring a valid release code. This PoC highlights an advanced injection technique into SCPBypass.exe, facilitating unauthorized access through SCPService.exe via an exploitable pipe mechanism.

Vulnerability Summary:
The PoC demonstrates how a malicious insider could leverage an RW-accessible pipe, \\.\pipe\MCPTrayPipe0, managed by SCPService.exe. Though this pipe is RW-accessible by default, access control checks performed by WGUARDNT limit writing to authorized processes. The bypass is achieved by injecting into a user-ran instance of SCPBypass.exe, satisfying the check and allowing unauthorized data to be written to the service pipe.

Technical Breakdown
The injection mechanism circumvents Trellix/McAfee LoadLibrary protections by executing shellcode directly on the pipe using WriteFile. This shellcode is designed to bypass common AV and EDR hooks that typically block unauthorized LoadLibrary calls.
Key elements:

• Injection Target: SCPBypass.exe process.
  
• Vulnerable Pipe: \\.\pipe\MCPTrayPipe0.
  
• AV/EDR Bypass: Custom shellcode bypasses McAfee hooks on LoadLibrary.
  

 
Github Link:

Hidden Content

You must register or login to view this content.

[chrono]

good profile photograph nigger

[global2141]

good profile photograph nigger

niggers' heads off

[DLSpilner]

Whats good ... PoC please

[getviec]

lol...thanks for the PoC!

[frankbomb]

Thanks, I'm going to check it out

[PARROT_TEAM_HUNTER]

thanks dude let me see

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching.

[frontline111]

Thanks, I'm going to check it out

[hgfytr990]

thank you, it was interesting to learn that it was possible

[zedk]

A recently discovered vulnerability, CVE-2024-0311 (also known as SB10418), allows a malicious insider to bypass the existing policies of the Skyhigh Client Proxy without requiring a valid release code. This PoC highlights an advanced injection technique into SCPBypass.exe, facilitating unauthorized access through SCPService.exe via an exploitable pipe mechanism.

Vulnerability Summary:
The PoC demonstrates how a malicious insider could leverage an RW-accessible pipe, \\.\pipe\MCPTrayPipe0, managed by SCPService.exe. Though this pipe is RW-accessible by default, access control checks performed by WGUARDNT limit writing to authorized processes. The bypass is achieved by injecting into a user-ran instance of SCPBypass.exe, satisfying the check and allowing unauthorized data to be written to the service pipe.

Technical Breakdown
The injection mechanism circumvents Trellix/McAfee LoadLibrary protections by executing shellcode directly on the pipe using WriteFile. This shellcode is designed to bypass common AV and EDR hooks that typically block unauthorized LoadLibrary calls.
Key elements:

• Injection Target: SCPBypass.exe process.
  
• Vulnerable Pipe: \\.\pipe\MCPTrayPipe0.
  
• AV/EDR Bypass: Custom shellcode bypasses McAfee hooks on LoadLibrary.
  

 
Github Link:

thanks for sharing lil bro