Reference list for my Ransomware exploitation research. Lists current DLLs
I have seen to date that some ransomware search for, which I have used
successfully to hijack and intercept vulnerable strains executing arbitrary
code pre-encryption.
It was discovered that GNOME Settings incorrectly handled the remote
desktop sharing configuration. When turning off desktop sharing, it may be
turned on again after rebooting, contrary to expectations.
Thomas Amgarten discovered that Bind incorrectly handled certain TLS
connections being destroyed. A remote attacker could possibly use this
issue to cause Bind to crash, resulting in a denial of service.
Tobias Stoeckmann discovered that libXrandr incorrectly handled certain
responses. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
(CVE-2016-7947, CVE-2016-7948)