Post on exploiting SMBGhost, the leaking with MDL is 🔥 https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html See also Chompie's exploit using this technique and HalpInterruptController for the execution primitive. https://github.com/chompie1337/SMBGhost_RCE_PoC