With the introduction of sandboxed mechanism in several major browsers (Chrome, Edge, IE) and word processing software (Office, Adobe Reader) on Windows platform, the demand of Windows kernel privilege vulnerability is also rising.
I found a chain a year ago, but the repair of several chains and I find the sink point and trigger toString point are different, this should be considered a new CVE, here to share out.
External c2 is not much to say, it is a technology to prevent the real c2 address from leaking and wasting resources and time after being banned by the Blue Team.