News
WinDBG Plugin for Windows Kernel Exploitation.
This WinDBG Plugin traps and log the IOCTLs on real-time from the target driver/module, sets a breakpoint into IRP_MJ_DEVICE_CONTROL to break or pass, and once you trigger the IOCTL from...
WinDBG Plugin for Windows Kernel Exploitation.
This WinDBG Plugin traps and log the IOCTLs on real-time from the target driver/module, sets a breakpoint into IRP_MJ_DEVICE_CONTROL to break or pass, and once you trigger the IOCTL from...
Subverting the Windows Kernel with exploits and...
At BSides Frankfurt, Juan Sacco (Founder & Lead Developer, Exploit Pack) delivered a deep, technical session on Windows kernel exploitation and driver weaknesses. Juan walked the audience through the journey...
Subverting the Windows Kernel with exploits and...
At BSides Frankfurt, Juan Sacco (Founder & Lead Developer, Exploit Pack) delivered a deep, technical session on Windows kernel exploitation and driver weaknesses. Juan walked the audience through the journey...
IOCTL++ tool for hunting Windows Kernel Exploits
IOCTL++ can be used to make DeviceIoControl requests with arbitrary inputs. The original tool has been improved with a driver helper and a driver hooker allowing the user to capture...
IOCTL++ tool for hunting Windows Kernel Exploits
IOCTL++ can be used to make DeviceIoControl requests with arbitrary inputs. The original tool has been improved with a driver helper and a driver hooker allowing the user to capture...
Windows Kernel Exploits: WRMSR (Model Specific ...
Model Specific Registers (MSR) are CPU control registers that are specific for a CPU family. Their original purpose was to introduce experimental new features and functionality, but some of them...
Windows Kernel Exploits: WRMSR (Model Specific ...
Model Specific Registers (MSR) are CPU control registers that are specific for a CPU family. Their original purpose was to introduce experimental new features and functionality, but some of them...
Windows Kernel Exploits: ZwMapViewOfSection and...
In this exploit, the core technique here was hijacking a legitimate syscall (NtShutdownSystem) to act as a gate into arbitrary kernel exports. First, resolved the virtual address of a target...
Windows Kernel Exploits: ZwMapViewOfSection and...
In this exploit, the core technique here was hijacking a legitimate syscall (NtShutdownSystem) to act as a gate into arbitrary kernel exports. First, resolved the virtual address of a target...