Tapping into the potential of Memory Dump Emulation

This post summarizes some of the work I've been doing for the past few months during my (few) off times. Nothing new, mostly just a structured reminder for my later self. Introduction What-The-Fuzz is one of my favorite tools, and beyond the tool...

Section Objects as Kernel/User communication mode

I've recently decided to read some Windows Internals books cover to cover, and I'm currently reading the amazing book "What Makes It Page". It gave me some ideas to play with Section Objects, as they are covered in great detail. One thought that occurred...

Browsing the registry in kernel-mode

One of the Windows kernel subsystems I recently dug into is the Configuration Manager (CM), mostly because I found very scarce public resources about it despite its criticality: this subsystem is responsible for managing the configuration of all...

Cheap sandboxing with AppContainers

Background This is a short blog post that I decided to finish recently after looking for a way to sandbox Win32 apps, but, lazy as I am, I wanted something that 1. was free/open-source & robustly tested 2. was easily hackable to my needs (custom...

Some toying with the Self-Reference PML4 Entry

Sometimes you read about a completely awesome exploitation technique, so you want to go deeper. So these are my notes about how, while trying to fully understand the exploitation of CVE-2020-0796, I ended up struggling to find a good explanation about a...

An unexpected logic bug on Win32k

The short version The short version is that there's a small logic bug in user32!EndTask() which doesn't really check the HWND handle passed when forcefully killing the process, allowing an unprivileged process to BSoD the host by killing the...

Small dumps in the big pool

Or, on how to use the new (Windows 10) field _ETHREAD.ThreadName to stabilize kernel RW primitives SetThreadDescription() as a way to allocate controlled kernel pools Keeping on experimenting with Windows 10, I noticed a field part of the...

Scripting with Windows Root Directory Object

Still on my way to learning the Windows kernel, I spend a considerable amount of time in WinDbg Preview. I've been scripting my way to understanding its components, the most recent being nt!ObpRootDirectoryObject. This pointer is well documented,...

Goodbye VirtualBox, hello Hyper-V

A few scrap notes about my migration from VirtualBox to Hyper-V (in case I attempt to do the same again in the future 😁) Moving a VirtualBox VM to Hyper-V Hyper-V doesn't support OVF/OVA format, but it is possible to convert a VBox VDI to HV VHD...

Some Time Travel musings

If WinDbg was already setting the standard of what modern debuggers should be like, no doubt WinDbg Preview brings it to a next level. The JavaScript API is not perfect yet but already very efficient, so we don't have to rely on PyKd for proper...