News

Shadow SSDT Hijacking: Achieving Kernel Code Execution via Read-Write Primitives

In this post, I'll walk you through Shadow SSDT hijacking to achieve kernel code execution under VBS/HVCI/kCET-enabled environments in Windows 11 (latest build). We'll first cover the fundamentals of userland...

BlueHammer Analysis (Defender LPE)

Interested in Windows Kernel? Check out our Technical Training Courses --- The BlueHammer exploit for Windows Defender, recently disclosed by Nightmare Eclipse, probably won’t be added to Exploit Pack unless there is...

DOG - Data Only Gadgets

What is DOG? DOG, short for Data Only Gadgets, is a post-exploitation tool that uses your existing kernel read/write primitives to locate, classify, and chain kernel gadgets, resolve the structures...

"The Watchdog" in Control Pack

We have noticed in many post-exploitation frameworks that persistent access is a recurring weakness. The issue remains by design in their single-process execution model. This could become a real problem...

Exploit Pack featured in HVCK Magazine

Check out our Technical Training Courses on Windows Kernel Exploitation --- Exploit Pack and its founder, Juan Sacco (LinkedIn), were featured in the latest edition of HVCK Magazine. The article focuses...

Bypassing Kernel Code Execution: SSDT Hijack Under VBS/HVCI, but how?

By Juan Sacco (LinkedIn), founder of Exploit Pack. Check out our Technical Training Courses on Windows Kernel Exploitation --- I have always been interested in Windows Kernel Exploitation, but this...
