Kernel-Mode

Ring 0 fun.

Arbitrary Code Execution at Ring 0 using CVE-2018-8897

Just a few days ago, a new vulnerability allowing an unprivileged user to run #DB handler…

Making the Perfect Injector: Abusing Windows Address Sanitization and CoW

By the end of this post, I aim to make an injector unlike any other: one…

Escaping SMEP Hell: Exploiting Capcom Driver In a Safe Manner

Trapped in a SMEP disabled payload not being able to do anything reliably? You have come…

Splitting Data from Code, Forgotten x86 Feature: Segmentation

With the introduction of sTLB with Intel Nehalem, TLB splitting — once a reliable technique — became…

No more articles