Can Bölük

Speculating the entire x86-64 Instruction Set In Seconds with This One Weird Trick

As cheesy as the title sounds, I promise it cannot beat the cheesiness of…

Writing an optimizing IL compiler, for dummies, by a dummy: 0x1 Symbolic Expressions

Before I begin this series of blog posts, I would like to add a…

ByePg: Defeating Patchguard using Exception-hooking

Now I know what you are thinking, exception hooks? …in kernel-mode? Yes, it is…

Arbitrary Code Execution at Ring 0 using CVE-2018-8897

Just a few days ago, a new vulnerability allowing an unprivileged user to run #DB handler…

Making the Perfect Injector: Abusing Windows Address Sanitization and CoW

By the end of this post, I aim to make an injector unlike any other: one…

Escaping SMEP Hell: Exploiting Capcom Driver In a Safe Manner

Trapped in a SMEP-disabled payload, not being able to do anything reliably? You have come…

Splitting Data from Code, Forgotten x86 Feature: Segmentation

With the introduction of sTLB with Intel Nehalem, TLB splitting — once a reliable technique — became…