Collaborate Disseminate
Windows Kernel Data Protection is a kernel security feature which appears to use Extended Page Tables (EPT, a hardware virtualization feature) to enforce read-only pages. How effective is this at protecting from kernel exploits in the real… Continue reading How effective is Windows KDP for exploit mitigation in practice?
It happened to me a few times that I installed a Windows PC after the CMOS battery has been replaced and all sorts of things stopped working or threw security warnings, only to realize that I just need to set the clock, or click on the syn… Continue reading How can wrong time synchronization be exploited?
Is it possible that the stored javascript went through a WAF but that the WAF is blocking the "outgoing" by that I mean the execution or the presence, and thereby not showing the XSS when requesting the affected page?
For example… Continue reading XSS went trough WAF in a stored way
what are some of Empire post-exploitation modules that are particularly interesting and useful for a pentest and why,
thank you
Continue reading PowerShell Empire useful post exploitation modules [closed]
I’m currently working on the following CTF exercise (x64 version), where the objective is to overwrite a pointer stored on the heap to control the write address of strcpy():
https://exploit.education/phoenix/heap-one/
I’ve been studying heap exploitation on Linux/macOS for learning purposes.
Many of the generic exploits on macOS rely on brute-forcing the 4-bit checksum derived from the rack’s cookie value. This effectively results in a 2^… Continue reading Why isn’t the checksum length increased on macOS to mitigate generic heap exploitation?
If a computer has been running with considerably outdated operating systems, web browsers, Java, and Adobe Flash, what is the overall risk from malvertising and other potentially unwanted programs (PUPs)?
Assuming that the m… Continue reading What’s the risk of malvertising and other PUPs on unpatched machines? [on hold]
Whenever I turn on my computer, a notification pops up – You need to restart you PC (I have added screenshot). I did, but it keeps coming. So went to notification center and saw which application is causing this, it was my an… Continue reading Is there something fishy on Kaspersky Internet Security or I am missing something?
I understand that obtaining code execution by stack buffer-overflows were mitigated by DEP, which in turn lead to SEH and ROP exploit techniques etc.
However, I don’t see how to exploit an executable simultaneously protecte… Continue reading Methods of exploiting a Windows executable protected by "Control Flow Guard" and "Return Flow Guard"?
Someone to whom I am related is at a study camp for their desired profession. This person, let’s call her Jane, is supposed to be studying rigorously for two months. The housing provided offers wireless internet connections, … Continue reading Company claims hardwire connections are a security issue