Hacker News new | ask | show | jobs
by monocasa 2639 days ago
> via the exploited code

Their scanner doesn't show any exploitation happening, and they don't say that it does.
1 comments
novaleaf 2638 days ago
I admit that I am reading into the line "abnormal memory allocation and execution" and thinking it's intentional.

You are right that they don't seem to know what code was being executed. Just that some code (be it real code or random garbage) was injected and executed.

link
monocasa 2636 days ago
It's intentional; it's not "exploitation". It's really doing privilege deescalation of the shellcode.

They know the code it's running for the most part, it's the CreatProcessW stuff they talk about.

link