anti-exploitation – WindowsTechs.com

Zero-day prevention. Is there a Windows program that encrypts files on-the-fly, keeping only the currently open file decrypted?

Posted on December 18, 2023 by xia

I’m looking for a program for Windows that can securely store my code. The program should be able to encrypt my files on-the-fly, such that only the file I’m currently using is kept decrypted (mainly the current source file(s) I’m working … Continue reading Zero-day prevention. Is there a Windows program that encrypts files on-the-fly, keeping only the currently open file decrypted?→

What does Windows do to prevent dll hijacking?

Posted on May 24, 2023 by MrSomeone

DLL hijacking (I believe) is when a dll with a name identical to a system dll is placed higher up in the search directory precedence: like placing a malicious dll named secur32.dll or winsock.dll next to a trusted executable and waiting fo… Continue reading What does Windows do to prevent dll hijacking?→

EMET is deprecated, which DLL implements the ring3 mitigation?

Posted on August 15, 2022 by daisy

I’m reading this document: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exploit-protection-reference?view=o365-worldwide
In older OS, EMET injects a DLL into the process. On latest Windows EMET is implemented b… Continue reading EMET is deprecated, which DLL implements the ring3 mitigation?→

How can an ELF binary call a Windows API from WSL(2) to deploy a payload?

Posted on October 14, 2021 by Rick

In September 2021 Black Lotus Labs (BLL) posted a blog entry discussing a payload loader that was:

written in Python
compiled to an ELF exe using PyInstaller in Debian in WSL
and "injected into a running process using Windows API cal… Continue reading How can an ELF binary call a Windows API from WSL(2) to deploy a payload?→

Future of binary exploitation

Posted on September 15, 2021 by Francisco Linan

I’m starting to learn about binary exploitation and 0day development. I have learned about stackoverflows, ASLR, DEP, stack cookies and so on… But then I came across this video:
https://www.youtube.com/watch?v=o_hk9nh8S1M
I was very moti… Continue reading Future of binary exploitation→

Are there any existing JTAG (hardware debugging) based malware detection systems, and if not, why?

Posted on June 10, 2021 by J.Todd

JTAG

System software debug support is for many software developers the main reason to be interested in JTAG. Many silicon architectures such as PowerPC, MIPS, ARM, x86 built an entire software debug, instruction tracing, and data tracing … Continue reading Are there any existing JTAG (hardware debugging) based malware detection systems, and if not, why?→

Are there any existing JTAG (hardware debugging) based malware detection systems, and if not, why?

Posted on June 10, 2021 by J.Todd

JTAG

Has exploitation been demonstrated against the fundamental constructs of the debugging process?

Posted on June 10, 2021 by J.Todd

I’m curious to know if an attacker can fundamentally exploit the debugging process.
I’m not asking if specific debugging tools have been exploitable, surely some have, but rather whether the process of debugging – any and perhaps every deb… Continue reading Has exploitation been demonstrated against the fundamental constructs of the debugging process?→

Has exploitation been demonstrated against the fundamental constructs of the debugging process?

Posted on June 10, 2021 by J.Todd

What is AUTOSLAB, and how does it work?

Posted on May 23, 2021 by forest

From here:

I have heard rumors of a grsecurity Wunderwaffe called AUTOSLAB. We don’t know much about it. Presumably, it makes Linux allocate kernel objects in separate slab caches depending on the object type. That could ruin the heap spr… Continue reading What is AUTOSLAB, and how does it work?→