If you've seen NightmareEclipse's LegacyHive exploit - I verified it works and it isn't patched.
I wrote some detection queries for MDE which are high fidelity, basically no false positives, and should catch it even if the proof of concept is modified.
https://github.com/GossiTheDog/ThreatHunting/blob/master/AdvancedHuntingQueries/LegacyHive.kql