Mitigating the NULL SecurityDescriptor Kernel Exploitation Vector

Posted in Research on October 14th, 2016 by kyREcon

This article describes a new mitigation in the latest Windows 10 v1607 against a common attack vector used by many kernel exploits until today.

Read more here.

Enjoy,
kyREcon


Detecting KDs with a single instruction

Posted in Research on May 19th, 2016 by kyREcon

tl;dr: Just finished an article about detecting a kernel-mode debugger in Windows from userland by using a single instruction.
Portable across all latest Windows versions, both x86/x64 builds.

Read more here.

Enjoy,
kyREcon


Advisory – Avast SandBox Escape via IOCTL Requests

Posted in Research on April 21st, 2016 by kyREcon

Click here to read more about this epic fail from Avast.

The vulnerability is still unpatched, even though almost 5 months have passed since the day Avast was informed.

Enjoy,
kyREcon


Extracting zip archive passwords in Win8.x/10

Posted in Research on April 18th, 2016 by kyREcon

tl;dr: When you open a password protected zip archive using Windows Explorer (“Extract All…”), in Windows 8.x/10 the password is automatically cached in the Credentials Manager for the life of the logon session.

Read more here.

Cheers,
kyREcon


Avast Virtualization Driver – Elevation of Privileges

Posted in Research on February 25th, 2016 by kyREcon

You can read advisory details here, and an exploitation write-up here.

Enjoy,
kyREcon
