
Contact

Please feel free to reach out to me by DM on X or Discord if you have any questions, remarks or if you just want to chat.

Disclosure Policy

Let’s work together to ensure responsible, coordinated disclosure. Your efforts as a vendor are key to making our digital spaces safer. I believe that by working together, we can promote responsible and coordinated disclosure to make your products safer for your users.

My 90+30/45 Policy: I adhere to a 90+30 disclosure deadline policy. Once I notify a vendor of a security vulnerability, I provide a generous 90-day window for them to develop a patch for users.

Delaying Kernel Payloads by Hijacking KTIMERs & KDPCs (Part 2)

In this two-part blog post series we present KTIMER hijacking, a novel post-exploitation technique that delays the execution of kernel-mode payloads. In the first part we focussed on Windows 11 timer internals and deferred procedure calls and showed that we can hijack KTIMER and KDPC objects to delay the execution of a function pointer. This second part focusses on implementing these findings in a proof of concept, illustrating the delay in execution of a kernel-mode payload.

Delaying Kernel Payloads by Hijacking KTIMERs & KDPCs (Part 1)

In this two-part blog post series we present KTIMER hijacking, a novel post-exploitation technique that delays the execution of kernel-mode payloads. This first part focusses on Windows 11 timer internals and deferred procedure calls and how we can hijack KTIMER and KDPC objects to delay the execution of a function pointer. The second part focusses on implementing these findings in a proof of concept, illustrating the delay in execution of a kernel-mode payload.

OSEE Certification Review

“The OSEE is the most difficult exploit development certification you can earn.” (OffSec). To attempt the 72-hour exam you must have physically attended the demanding EXP-401: Advanced Windows Exploitation (AWE) course, which has limited seats available. At the time of writing it is estimated that there are only around 100 OSEEs in the world, even though the course has been taught since 2011.

Flare-On 9: 09_encryptor

Flare-On is an annual single player reverse engineering CTF that represents the skills and challenges that the Mandiant FLARE team faces. The 8-12 challenges increase in difficulty and participants have about 6 weeks to complete them all in order to win a prize.

CVE-2022-27438

Caphyon Ltd Advanced Installer 19.3 “CustomDetection” Update Check Remote Code Execution Vulnerability (PDF)

CVE-2022-28944

EMCO Software Multiple Products Unauthenticated Update Remote Code Execution Vulnerability (PDF)

CVE-2022-24644

ZZ Inc. KeyMouse 3.08 (Windows) Unauthenticated Update Remote Code Execution Vulnerability (PDF)
