я не скину poc код.
vt
wscfd.exe - runs a "wscfd.bat". This isn't rlly vuln, I just used it to load drivers because signed executable running batch file which loads drivers is less suspicious.
vt
IUForceDelete.sys - дает удалить все via ioctl ( this driver is from IoBit and is not currently shipped, dont ask how i have it)
vt
WiseDelfile64.sys - дает удалить все via ioctl ( unreported )
vt
wscfd.exe - runs a "wscfd.bat". This isn't rlly vuln, I just used it to load drivers because signed executable running batch file which loads drivers is less suspicious.
vt
IUForceDelete.sys - дает удалить все via ioctl ( this driver is from IoBit and is not currently shipped, dont ask how i have it)
vt
WiseDelfile64.sys - дает удалить все via ioctl ( unreported )