Vergilius
A collection of Microsoft Windows kernel structures, unions and enumerations. Most of them are not officially documented and cannot be found in Windows Driver Kit (WDK) headers. The target audience of this site is driver developers and kernel researchers
https://www.vergiliusproject.com/
#windows #driver #kernel
👾 Windows Drivers Reverse Engineering Methodology
This blog post details a methodology for reverse engineering and finding vulnerable code paths in Windows drivers.
Including a guide for setting up a lab for (the pesky) kernel debugging.
https://voidsec.com/windows-drivers-reverse-engineering-methodology/
#reverse #driver #analysis
⚙️ Windows LPE in driver MSKSSRV.SYS
CVE-2023-29360 is a Local Privilege Escalation (LPE) vulnerability found in the mskssrv driver. It allows attackers to gain direct access to kernel memory by exploiting improper validation of a user-supplied value.
🌐 PoC:
https://github.com/Nero22k/cve-2023-29360
📝 Research:
https://big5-sec.github.io/posts/CVE-2023-29360-analysis/
#windows #lpe #driver #mskssrv
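The post above says the mskssrv bug comes down to improper validation of a user-supplied value; what that value is, and how the PoC abuses it, is in the linked research. As an added illustration for this post (constructed here, not code from mskssrv.sys, the Nero22k PoC or the big5-sec analysis), the block below models the contract a Windows driver must honour for any caller-supplied address/length pair, the check that ProbeForRead/ProbeForWrite performs, and contrasts it with a start-address-only check that lets the range spill into kernel memory or wrap around. Assumed: x64 address layout with MmUserProbeAddress = 0x00007FFFFFFF0000 (the x64 MM_USER_PROBE_ADDRESS) and the documented NTSTATUS values; the IOCTL request is a constructed METHOD_NEITHER-style case where the caller controls both pointer and length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of user-pointer validation in a Windows driver's IOCTL
 * path. Illustration added for this post, NOT code from mskssrv.sys, the
 * linked PoC or the linked analysis. Assumptions: x64 layout with
 * MmUserProbeAddress = 0x00007FFFFFFF0000 and the documented NTSTATUS values. */

typedef uint32_t NTSTATUS;              /* real NTSTATUS is LONG; unsigned keeps the literals simple */
#define STATUS_SUCCESS               0x00000000u
#define STATUS_DATATYPE_MISALIGNMENT 0x80000002u
#define STATUS_ACCESS_VIOLATION      0xC0000005u
#define MM_USER_PROBE_ADDRESS        0x00007FFFFFFF0000ull

/* Weak pattern: only the start of the caller-supplied range is checked.
 * A start just below MmUserProbeAddress, or a length that wraps, lets the
 * driver read or write kernel memory on the caller's behalf. */
int weak_user_check(uint64_t addr)
{
    return addr < MM_USER_PROBE_ADDRESS;
}

/* Model of the ProbeForRead/ProbeForWrite contract: start is aligned,
 * start+length does not wrap, and the whole range lies below the probe
 * address. Documented edge: a zero length succeeds without looking at addr. */
NTSTATUS probe_user_range(uint64_t addr, uint64_t len, uint64_t align)
{
    if (len == 0)
        return STATUS_SUCCESS;
    if ((addr & (align - 1)) != 0)
        return STATUS_DATATYPE_MISALIGNMENT;
    uint64_t end = addr + len;          /* may wrap; checked on the next line */
    if (end < addr || end > MM_USER_PROBE_ADDRESS)
        return STATUS_ACCESS_VIOLATION;
    return STATUS_SUCCESS;
}

/* Returns 1 when the weak check would let the driver touch the range but
 * a proper probe rejects it, i.e. the caller reaches kernel memory. */
int weak_check_is_fooled(uint64_t addr, uint64_t len)
{
    return weak_user_check(addr) && probe_user_range(addr, len, 8) != STATUS_SUCCESS;
}

int main(void)
{
    /* Constructed request cases: caller-controlled pointer and length. */
    struct { const char *name; uint64_t addr, len; } cases[] = {
        { "legit user buffer",        0x0000000000010000ull,     0x1000 },
        { "kernel pointer",           0xFFFFF80000000000ull,     8 },
        { "spill past probe address", MM_USER_PROBE_ADDRESS - 8, 0x1000 },
        { "length wraps around",      0x0000000000001000ull,     0xFFFFFFFFFFFFF000ull },
        { "zero length, kernel ptr",  0xFFFFF80000000000ull,     0 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%-26s weak=%d probe=0x%08X fooled=%d\n", cases[i].name,
               weak_user_check(cases[i].addr),
               (unsigned)probe_user_range(cases[i].addr, cases[i].len, 8),
               weak_check_is_fooled(cases[i].addr, cases[i].len));
    }
    return 0;
}
```

Two caveats a reviewer of real driver code would add: the probe only proves the range was in user space at that instant, so the access must still sit in __try/__except and every caller-supplied value must be copied once before it is validated and used (a second fetch is a race the caller wins); and because a zero-length probe succeeds unconditionally, probing with a fixed header size and then trusting a length field inside that header protects nothing.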
This vulnerability targets the Common Log File System (CLFS) and allows attackers to escalate privileges and potentially fully compromise an organization’s Windows systems. In April 2023, Microsoft released a patch for this vulnerability and the CNA CVE-2023-28252 was assigned.
📊 Affects version:
— Windows 11 21H2 (clfs.sys version 10.0.22000.1574);
— Windows 11 22H2;
— Windows 10 21H2;
— Windows 10 22H2;
— Windows Server 2022.
Research:
🔗 https://www.coresecurity.com/core-labs/articles/analysis-cve-2023-28252-clfs-vulnerability
Exploit:
🔗 https://github.com/duck-sec/CVE-2023-28252-Compiled-exe
#windows #privesc #clfs #driver
ItsNotASecurityBoundary is an exploit that leverages False File Immutability assumptions in Windows Code Integrity (ci.dll) to trick it into accepting an improperly-signed security catalog containing fraudulent authentihashes. With attacker-controlled authentihashes loaded and trusted by CI, the kernel will load any driver of the attacker's choosing, even unsigned ones.
🔗 https://github.com/gabriellandau/ItsNotASecurityBoundary
#driver #signature #bypass #ffi #windows
Explore the Windows Kernel with HEVD, a vulnerable driver. Dive into stack overflow exploits and bypass SMEP/KPTI protections using the sysret approach.
A detailed guide for Windows kernel exploitation:
— Part 0: Where do I start?
— Part 1: Will this driver ever crash?
— Part 2: Is there a way to bypass kASLR, SMEP and KVA Shadow?
— Part 3: Can we rop our way into triggering our shellcode?
— Part 4: How do we write a shellcode to elevate privileges and gracefully return to userland?
#windows #kernel #driver #hevd #hacksys