NDI5aster Paper Updated

Posted in Research on April 29th, 2017 by kyREcon

Added eScan in the list of affected vendors.

More details here.

Enjoy,
kyREcon


nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect

Posted in Research on April 18th, 2017 by kyREcon

A short write-up on a tiny update introduced in NT kernel version 10.0.15063 inside nt!SepCreateAccessStateFromSubjectContext that can break kernel exploits which abuse _SEP_TOKEN_PRIVILEGES.Enabled through a read-write primitive to gain EoP.

Read more here.

Enjoy,
kyREcon


Mitigating the NULL SecurityDescriptor Kernel Exploitation Vector

Posted in Research on October 14th, 2016 by kyREcon

This article describes a new mitigation in the latest Windows 10 v1607 against a common attack vector used by many kernel exploits to this day.

Read more here.

Enjoy,
kyREcon


Detecting KDs with a single instruction

Posted in Research on May 19th, 2016 by kyREcon

tl;dr: Just finished an article about detecting a kernel-mode debugger in Windows from userland by using a single instruction.
Portable across all latest Windows versions, both x86/x64 builds.

Read more here.

Enjoy,
kyREcon


Advisory – Avast SandBox Escape via IOCTL Requests

Posted in Research on April 21st, 2016 by kyREcon

Click here to read more about this epic fail from Avast.

The vulnerability is still unpatched, even though almost 5 months have passed since the day Avast was informed.

Enjoy,
kyREcon
