News
IOCTL++ tool for hunting Windows Kernel Exploits
IOCTL++ can be used to make DeviceIoControl requests with arbitrary inputs. The original tool has been improved with a driver helper and a driver hooker allowing the user to capture...
IOCTL++ tool for hunting Windows Kernel Exploits
IOCTL++ can be used to make DeviceIoControl requests with arbitrary inputs. The original tool has been improved with a driver helper and a driver hooker allowing the user to capture...
Windows Kernel Exploits: WRMSR (Model Specific ...
Model Specific Registers (MSR) are CPU control registers that are specific for a CPU family. Their original purpose was to introduce experimental new features and functionality, but some of them...
Windows Kernel Exploits: WRMSR (Model Specific ...
Model Specific Registers (MSR) are CPU control registers that are specific for a CPU family. Their original purpose was to introduce experimental new features and functionality, but some of them...
Windows Kernel Exploits: ZwMapViewOfSection and...
In this exploit, the core technique here was hijacking a legitimate syscall (NtShutdownSystem) to act as a gate into arbitrary kernel exports. First, resolved the virtual address of a target...
Windows Kernel Exploits: ZwMapViewOfSection and...
In this exploit, the core technique here was hijacking a legitimate syscall (NtShutdownSystem) to act as a gate into arbitrary kernel exports. First, resolved the virtual address of a target...