Small dumps in the big pool

Or, on how to use the new (Windows 10) _ETHREAD.ThreadName field to stabilize kernel read/write primitives.

SetThreadDescription() as a way to allocate controlled kernel pools. Keeping on experimenting with Windows 10, I noticed a field that is part of the...

Scripting with Windows Root Directory Object

Still on my way to learning the Windows kernel, I spend a considerable amount of time in WinDbg Preview. I've been scripting my way to understanding its components; the most recent one was nt!ObpRootDirectoryObject. This pointer is well documented,...

Goodbye VirtualBox, hello Hyper-V

A few scrap notes about my migration from VirtualBox to Hyper-V (in case I attempt to do the same again in the future 😁). Moving a VirtualBox VM to Hyper-V: Hyper-V doesn't support the OVF/OVA format, but it is possible to convert a VBox VDI to a HV VHD...

Quick visualization of a binary file

Here's a simple trick that I learned from the amazing @scanlime to quickly (and universally) visualize the distribution of bytes in any binary file, using the Portable Graymap (PGM) format. On Windows: C:\> echo P5 512 4096 255 >...
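The trick relies on the raw PGM variant (magic `P5`): after a one-line ASCII header giving width, height and maximum gray value, the file body is simply one byte per pixel, so appending any binary file to such a header turns its bytes into a grayscale picture. The following script is an added example, not code from the original post; it computes the height from the input size instead of hardcoding 4096 rows, and pads the last row so the pixel count matches the header. The function names and the 512-column width are this example's choices.

```python
"""Render any binary file as a PGM (P5) image: one byte per grayscale pixel.

Added example (not from the original post). Usage:
    python bin2pgm.py <input-binary> <output.pgm>
Open the resulting .pgm in any image viewer that understands PNM formats.
"""
import sys
from typing import Tuple

WIDTH = 512    # pixels per row; 512 matches the post's header, any width works
MAXVAL = 255   # one byte per pixel, so the P5 maximum gray value is 255


def binary_to_pgm(data: bytes, width: int = WIDTH) -> bytes:
    """Prefix DATA with a P5 header and zero-pad the last row.

    P5 is the raw (binary) graymap: the header is followed directly by
    width*height pixel bytes, so the input file's own bytes become the pixels.
    Height is derived from the input length (at least one row).
    """
    if width <= 0:
        raise ValueError("width must be positive")
    height = max(1, -(-len(data) // width))          # ceiling division
    padded = data.ljust(width * height, b"\x00")      # fill the last row
    header = f"P5 {width} {height} {MAXVAL}\n".encode("ascii")
    return header + padded


def pgm_dimensions(pgm: bytes) -> Tuple[int, int]:
    """Parse (width, height) back out of a header written by binary_to_pgm."""
    magic, w, h, maxval = pgm.split(b"\n", 1)[0].split()
    if magic != b"P5" or int(maxval) != MAXVAL:
        raise ValueError("not a P5 graymap produced by this script")
    return int(w), int(h)


def main(argv) -> int:
    if len(argv) != 3:
        print(f"usage: {argv[0]} <input-binary> <output.pgm>", file=sys.stderr)
        return 2
    with open(argv[1], "rb") as f:
        data = f.read()
    pgm = binary_to_pgm(data)
    with open(argv[2], "wb") as f:
        f.write(pgm)
    w, h = pgm_dimensions(pgm)
    print(f"wrote {argv[2]}: {w}x{h} pixels from {len(data)} input bytes")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because each byte maps directly to a gray level, structure jumps out visually: zero-filled padding shows up as black bands, ASCII regions as a mid-gray texture, and compressed or encrypted sections as uniform noise, which is what makes this a quick first look at an unknown blob before reaching for a hex editor.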

Some Time Travel musings

If WinDbg was already setting the standard for what modern debuggers should be like, WinDbg Preview no doubt brings it to the next level. The JavaScript API is not perfect yet but is already very efficient, so we no longer have to rely on PyKd for proper...

Fuzzing arbitrary functions in ELF binaries

I decided to give the LIEF project a decent test. Executable parsers are not a new thing, but that one piqued my curiosity (just like most Quarkslab projects) because it also provides dead-simple instrumentation functions. To top it off, LIEF...

Building a Debian Stretch QEMU image for AARCH64

Introduction: After releasing my QEMU images and then publishing a post on how to build a QEMU image for Debian MIPSel, I still received many requests for information on building more VMs, and among those the most popular one was AARCH64 (or...

FlareOn 4 WriteUps

This year I finally happened to be in a good position to play Flare-On, the yearly CTF published by FireEye. This year's edition offered 12 reverse-engineering challenges to solve in 6 weeks. This post is mostly a dump of the...

Arbitrary Write primitive in Windows kernel (HEVD)

Back again to modern Windows kernel exploitation! After understanding how to build shellcodes for 64-bit Windows and applying this knowledge to a trivial kernel stack overflow vulnerability, we are ready to start moving towards more real-life...

First exploit in Windows Kernel (HEVD)

Hi there ✋ This post is the third chapter of this series, in which we dive into the Windows kernel. The previous posts introduced, respectively, how to painlessly set up a Windows exploit lab, then how to create a custom shellcode for the kernel to...