Petronella Blog Archive

Visit our New Blog

Vulnerability for All Versions of Windows

Blog Post

BuggiCorp is the username of a hacker that is selling exclusive rights on an underground Russian black market forum.

For $95,000 USD (requested via the notorious Bitcoin system) this hacker will share with you, exclusively, source code exploiting zero-day vulnerabilities in all of Microsoft Operating Systems, from the dreaded XP, all the way up to the latest version, Windows 10. The code can be used to elevate user software privileges to the highest possible level: SYSTEM.

BuggiCorp has been gracious enough to share proof on YouTube that the code works:

As well as an additional video that showing how it can also be used to get past EMET security:

Trustwave, a cybersecurity firm, reported this breach, and though they are not directly sharing a link to BuggiCorp's offer, they are sharing details of what the hacker says will be provided to the buyer:

  1. Source code project based on MSVC2005, with all the source code of the exploit and a demo for the exploit.
  2. Free of charge updates to address any Windows version that the exploit might not work on (Might be the case with Windows 10 as there is a large number of different builds).
  3. A detailed write up of the vulnerability details (including the specific vulnerable code in win2k).
  4. Complementary consultation on integrating the exploit according to your needs (within reason).
  5. On request – convert the source code project to a different MSVC version.

It is interesting to note that it is unusual for a hacker to offer exclusive rights; given the high price tag, it is likely that the seller is targeting "the good guys" (i.e. a cybersecurity firm or even Microsoft itself) as opposed to a potential hacker.