Exploits
Software
Retail
- HostOS - External VBI loading (19.09.2019)
- SystemOS Symbolic Link Exploit - Access restricted/encrypted volumes using the Xbox File Explorer (02.06.2017)
- SystemOS Microsoft Edge - chakra.dll Info Leak (30.03.2017)
- SystemOS Microsoft Edge - File System Access (XX.XX.20XX)
- SystemOS Remote Code Execution - Xbox Live Messaging / WinJS injection (XX.XX.2019)
- Browser access while offline
- ECC Curveball - TLS certificate spoofing (CVE-2020-0601) (December 2019)
- Code Execution via Game Script UWP App (08.06.2024)
Development mode
- SystemOS Elevation of privileges via Artifice (automation tool) using vulnerability in OpenSSH service (10.09.2023)
- SystemOS Read/Write overlay for System.xvd (31.07.2019)
- SystemOS Elevation of privileges via UnattendedUtilities (11.06.2019)
- SystemOS Elevation of privileges via VSProfiling account (09.09.2018)
- SystemOS shell access / SSH / Sirep (09.09.2018)
Hardware
- None so far
Authors: