Small dumps in the big pool

Or, on how to use the new (Windows 10) field _ETHREAD.ThreadName to stabilize kernel RW primitives. SetThreadDescription() as a way to allocate controlled kernel pools: keeping on experimenting with Windows 10, I noticed a field part of the...

Scripting with Windows Root Directory Object

Still on my way to learning the Windows kernel, I spend a considerable amount of time in WinDbg Preview. I've been scripting my way to understanding its components; the most recent one was nt!ObpRootDirectoryObject. This pointer is well documented,...

Goodbye VirtualBox, hello Hyper-V

A few scrap notes about my migration from VirtualBox to Hyper-V (in case I attempt to do the same again in the future 😁). Moving a VirtualBox VM to Hyper-V: Hyper-V doesn't support the OVF/OVA format, but it is possible to convert a VBox VDI to a HV VHD...

Some Time Travel musings

If WinDbg was already setting the standard for what modern debuggers should be like, WinDbg Preview no doubt brings it to the next level. The JavaScript API is not perfect yet but is already very efficient, so we don't have to rely on PyKd for proper...

FlareOn 4 WriteUps

This year, I finally happened to be in a good position to play Flare-On, a yearly CTF published by FireEye. This year's edition offered 12 reverse-engineering challenges to solve in 6 weeks. This post is mostly a dump of the...

Arbitrary Write primitive in Windows kernel (HEVD)

Back again to modern Windows kernel exploitation! After understanding how to build shellcode for 64-bit Windows and applying this knowledge to a trivial kernel stack overflow vulnerability, we are ready to start moving towards more real-life...

First exploit in Windows Kernel (HEVD)

Hi there ✋ This post is the third chapter of this series, where we dive into the Windows kernel. The previous posts introduced, respectively, how to painlessly set up a Windows exploit lab, then how to create a custom shellcode for the kernel to...

A Primer to Windows x64 shellcoding

Continuing on the path to Windows kernel exploitation... Thanks to the previous post, we now have a working lab to easily (and reasonably quickly) debug the Windows kernel. Let's skip ahead for a minute and assume we control PC using some...

Setting up a Windows VM lab for kernel debugging

This is the first in a series of posts on Windows kernel debugging and exploitation. In this part, we'll cover in detail how to get everything set up using Linux as the host, VirtualBox as the hypervisor and Windows virtual images from Modern.IE. Note:...