Feb 29, 2020
Windows Kernel Ps Callbacks Experiments
I won’t be sharing any 0day here (well, maybe an “nday” if you haven’t been looking into ring0 that much). The fact is, there’s not much public information about this subject (attacks against the Windows Kernel Ps callbacks). To play a little bit with these kernel callbacks, I “wrote” (yes, in quotes) a pseudo-EDR proof-of-concept that uses these Ps callbacks. This post tells the story of some of these
Dec 3, 2016
hunting (l)users using WinAPI calls only
During Red Team engagements it is common to track/hunt specific users. Assume we already have access to a desktop as a normal user (no matter how; always “assume compromise”) in a Windows Domain and we want to spread laterally.