Detecting KMDs with a single instruction

Posted in Research on May 19th, 2016 by kyREcon

tl;dr: Just finished an article about detecting a kernel-mode debugger in Windows from userland by using a single instruction.
Portable across all latest Windows versions, both x86/x64 builds.

Read more here.

Enjoy,
kyREcon


Advisory – Avast SandBox Escape via IOCTL Requests

Posted in Research on April 21st, 2016 by kyREcon

Click here to read more about this epic fail from Avast.

The vulnerability is still unpatched, even though almost 5 months have passed since the day Avast was informed.

Enjoy,
kyREcon


Extracting zip archives passwords in Win8.x/10

Posted in Research on April 18th, 2016 by kyREcon

tl;dr: When you open a password-protected zip archive using Windows Explorer (“Extract All…”) in Windows 8.x/10, the password is automatically cached in the Credentials Manager for the life of the logon session.

Read more here.

Cheers,
kyREcon


Avast Virtualization Driver – Elevation of Privileges

Posted in Research on February 25th, 2016 by kyREcon

You can read advisory details here, and an exploitation write-up here.

Enjoy,
kyREcon

NDI5aster – Privilege Escalation through NDIS 5.x Filter Intermediate Drivers

Posted in Research on February 3rd, 2016 by kyREcon

You can read the abstract and download the full white paper here.

Kudos to @OlgaAngel for dedicating some of her time to do some nice aesthetic improvements in the final version.

Enjoy,
kyREcon
