TJCoder – WindowsTechs.com

Why isn’t google patching methods used for MITB by malware like Emotet?

Posted on December 6, 2022 by TJCoder

Google Chrome uses CFG, ASLR, DEP, Remote PE blocking, Authenticode API, syscall-disabled, but malware like Emotet is still doing MITB web injects on the latest builds on Chrome(108.0.5359.95). Why isn’t Google fixing this?

Continue reading Why isn’t google patching methods used for MITB by malware like Emotet?→

Is there any combination of memory mitigations COOP doesn’t bypass?

Posted on December 2, 2022 by TJCoder

I recently seen a paper where COOP exploit dev was used to bypass DEP+ASLR+CET+CFG+SEHOP. JIT attack surfaces like v8 seem to have even less hardening. Is there a form of exploitable memory corruption that COOP doesn’t work on?

Continue reading Is there any combination of memory mitigations COOP doesn’t bypass?→

What are some exploitable memory corruption attacks I have not listed?

Posted on September 17, 2021 by TJCoder

Dangling pointer(heap)
Use After Free(heap)
Double Free(heap)
Off by one(stack)
Integer Overflow(stack)
Unused Variable(stack and heap)
underrun(stack and heap)
race condition(stack and heap)

From what I’ve seen unused variable and under… Continue reading What are some exploitable memory corruption attacks I have not listed?→

How does Chrome 78+ block all methods of DLL injection?

Posted on September 9, 2021 by TJCoder

How does Chrome block all methods of code injection past version 78? It even blocks signed DLLs it doesn’t have in a static list.

Continue reading How does Chrome 78+ block all methods of DLL injection?→