Normal view

There are new articles available, click to refresh the page.
Before yesterdayVoidSec

Driver Buddy Reloaded

By: voidsec
27 October 2021 at 14:30

As part of my continuous security research journey, during this year I’ve spent a good amount of time reverse-engineering Windows drivers and exploiting kernel-mode related vulnerabilities. While in the past there were (as far as I know), at least two good IDA plugins aiding in the reverse engineering process: DriverBuddy of NCC Group. win_driver_plugin of […]

The post Driver Buddy Reloaded appeared first on VoidSec.

Merry Hackmas: multiple vulnerabilities in MSI’s products

By: voidsec
16 December 2021 at 13:46

This blog post serves as an advisory for a couple of MSI’s products that are affected by multiple high-severity vulnerabilities in the driver components they are shipped with. All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to: Directly interact with physical memory via the MmMapIoSpace function call, mapping physical memory […]

The post Merry Hackmas: multiple vulnerabilities in MSI’s products appeared first on VoidSec.

Malware Analysis: Ragnarok Ransomware

By: voidsec
28 April 2021 at 08:13

The analysed sample is a malware employed by the Threat Actor known as Ragnarok. The ransomware is responsible for files’ encryption and it is typically executed, by the actors themselves, on the compromised machines. The name of the analysed executable is xs_high.exe, but others have been found used by the same ransomware family (such as […]

The post Malware Analysis: Ragnarok Ransomware appeared first on VoidSec.

Windows Drivers Reverse Engineering Methodology

By: voidsec
20 January 2022 at 15:30

With this blog post I’d like to sum up my year-long Windows Drivers research; share and detail my own methodology for reverse engineering (WDM) Windows drivers, finding some possible vulnerable code paths as well as understanding their exploitability. I’ve tried to make it as “noob-friendly” as possible, documenting all the steps I usually perform during […]

The post Windows Drivers Reverse Engineering Methodology appeared first on VoidSec.

Browser Exploitation: Firefox Integer Overflow – CVE-2011-2371

By: voidsec
21 July 2022 at 08:37

In case you’re wondering why I’m not posting as regularly as before, with the new year, I’ve finally transitioned into a fully offensive vulnerability research and exploit development role at Exodus Intelligence that fulfilled my career dream (BTW, we’re currently hiring). In the last couple of months, I’ve worked on some exciting and challenging bugs. […]

The post Browser Exploitation: Firefox Integer Overflow – CVE-2011-2371 appeared first on VoidSec.

Windows Exploitation Challenge – Blue Frost Security 2022 (Ekoparty)

By: voidsec
1 December 2022 at 16:07

Last month, during Ekoparty, Blue Frost Security published a Windows challenge. Since having a Windows exploitation challenge, is one of a kind in CTFs, and since I’ve found the challenge interesting and very clever, I’ve decided to post about my reverse engineering and exploitation methodology. Challenge Requests Only Python solutions without external libraries will be […]

The post Windows Exploitation Challenge – Blue Frost Security 2022 (Ekoparty) appeared first on VoidSec.

Naughty List Challenge Write-Up – X-MAS CTF

By: voidsec
22 December 2022 at 14:17

As the last post of the year, I decided to do something chill and a bit “off-topic” from my usual content. As the festivities are approaching, I have a bit more free time to dedicate to different stuff, like helping some friends with CTFs and such. I’ve decided to post about this specific challenge because […]

The post Naughty List Challenge Write-Up – X-MAS CTF appeared first on VoidSec.

SANS SEC760: Advanced Exploit Development for Penetration Testers – Review

By: voidsec
18 January 2023 at 16:39

In July 2022, I took the SANS SEC 760 class in Berlin. I always promised myself and some close friends to write a review, but I didn’t have the time until the Christmas break. This blog post aims to be a day-by-day review of the SANS SEC760 course content and its CTF, NetWars tournament and […]

The post SANS SEC760: Advanced Exploit Development for Penetration Testers – Review appeared first on VoidSec.

Reverse Engineering Terminator aka Zemana AntiMalware/AntiLogger Driver

By: voidsec
15 June 2023 at 14:25

Recently, a threat actor (TA) known as SpyBot posted a tool, on a Russian hacking forum, that can terminate any antivirus/Endpoint Detection & Response (EDR/XDR) software. IMHO, all the hype behind this announcement was utterly unjustified as it is just another instance of the well-known Bring Your Own Vulnerable Driver (BYOVD) attack technique: where a […]

The post Reverse Engineering Terminator aka Zemana AntiMalware/AntiLogger Driver appeared first on VoidSec.

OffSec EXP-401 Advanced Windows Exploitation (AWE) – Course Review

By: voidsec
18 January 2024 at 16:19

In November of last year, I took the OffSec EXP-401 Advanced Windows Exploitation class (AWE) at Black Hat MEA. While most of the blog posts out of there focus on providing an OSEE exam review, this blog post aims to be a day-by-day review of the AWE course content. OffSec Exp-401 (AWE) During the first […]

The post OffSec EXP-401 Advanced Windows Exploitation (AWE) – Course Review appeared first on VoidSec.

❌
❌