Feb 29, 2020
Windows Kernel Ps Callbacks Experiments
I won’t be sharing any 0day here (well, maybe a “nday” if you haven’t been looking into ring0 that much). The fact is, there’s not much public information about this subject (attacks against the Windows Kernel Ps callbacks). To play a little bit with these kernel callbacks, I “wrote” (yes, in commas) a pseudo-EDR proof-of-concept (that uses these Ps callbacks). This post tells the story of some of these
Jul 16, 2017
Inject All The Things
Well, it’s 2017 and I’m writing about DLL injection. It could be worse. DLL injection is a technique used by legitimate software to add/extend functionality to other programs, for debugging, or for reverse engineering. It is also commonly used by malware in a multitude of ways. This means that from a security perspective, it’s imperative to know how DLL injection works.
Dec 3, 2016
hunting (l)users using WinAPI calls only
During Red Team engagements it is common to track/hunt specific users. Assume we already have access to a desktop as a normal user (no matter how, always “assume compromise”) in a Windows Domain and we want to spread laterally.