-
CET Updates – CET on Xanax
Windows 21H1 CET Improvements: Since Alex and I first published our first analysis of CET,…
-
Critical, Protected, DUT Processes in Windows 10
We are all familiar with Microsoft’s love for creating new and exciting ways to prevent…
-
Secure Pool Internals : Dynamic KDP Behind The Hood
Starting with Windows 10 Redstone 5 (Version 1809, Build 17763), a lot has changed in the kernel pool.…
-
PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more)
We promised you there would be a Part 1 to FaxHell, and with today’s Patch…
-
Faxing Your Way to SYSTEM — Part Two
“Part two?”, you ask. “Where’s part one?”, you wonder. In this blog post, we are…
-
Symbolic Hooks Part 4: The App Container Traverse-ty
After getting the driver in Part 3 of our blog to load and adding a…
-
Symbolic Hooks Part 3: The Remainder Theorem
We ended the second part with, unsurprisingly, a bugcheck. We tried to redirect all access…
-
Symbolic Hooks Part 2 : Getting the Target Name
In our last blog part, we concluded with a working callback, but no information about…
-
“Move aside, signature scanning!” Better kernel data discovery through lookaside lists
Introduction: A while ago we did some research. That specific project might be published at some…
-
DKOM – Now with Symbolic Links!
You might think “What can ANYONE still say about kernel callbacks? We’ve already seen every…