Skip to content

{ Category Archives } programming

Defeating Windows Driver Signature Enforcement #3: The Ultimate Encounter

I hope you haven’t got bored with bypassing the Driver Signature Enforcement mechanism (present on all 64-bit Microsoft Windows operating systems since Vista) just yet – in either case, stay calm… this is going to be the last post of the series. After using multiple drivers shipped with the OS in the default configuration to […]

Defeating Windows Driver Signature Enforcement #1: default drivers

One of the obvious things about the Windows operating system for anyone actively working on its kernel security is that the Driver Signature Enforcement (DSE in short) is not effective and can be bypassed with relative ease by any determined individual. From a historical perspective, the “feature” was introduced in the 64-bit build of Windows […]

Nullcon 2012 CTF

(Collaborative post by Mateusz “j00ru” Jurczyk, Gynvael Coldwind and Adam Iwaniuk) Friday, the 7th of September 2012 we were supposed to play the securitytraps.no-ip.org CTF. Unfortunately, the competition was postponed for a later date at the last moment, due to some significant technical problems. Next day evening we accidentally discovered another CTF taking place – […]

ATmega328 (Arduino Uno compatible) MD5 optimized assembly implementation

Disclaimer: the things I am writing about are new to me. Although I do my best to have a solid (well, decent in this case) understanding of the covered topics, some inaccuracies might have slipped through. Feel free to point them out in the comments. Hey guys, or anyone who still happens to visit this […]

Magus Ex Machina – a product of a 48h codejam

[Note: Collaborative post by Gynvael Coldwind and Mateusz “j00ru” Jurczyk] Five weeks ago, we have taken part in a fancy game-development competition aka Google GameJam 48h. As the name implies, the contest lasted for precisely two days; unfortunately, we were proven to lack supernatural powers and had to spend some of the precious time sleeping […]

PiXiEServ out for public

A few years back, we’ve been (i.e. j00ru and Gynvael) working on a bootkit-related project (some polish SecDay’09 presentation slides can be found here: Bootkit vs Windows.pdf). One of its basic requirements was the ability to load custom boot-“sectors” from an external host in the local network. Since the publicly available solutions required too much […]

0-day Windows XP SP3 Denial of Service (CSRSS Crash #1)

A rather short blog post today, as I am currently on my vacations. After publishing two, quite extensive write-ups regarding vulnerabilities in the Windows “CSRSS” component at Microsoft July Patch Tuesday: CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability CVE-2011-1282: User-Mode NULL Pointer Dereference & co. I would like to shortly discuss the […]

CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability

Today, I would like to present a detailed description of the CVE-2011-1281 vulnerability [1], which was reported by me several months ago and patched today, together with four other bugs marked as the Elevation of Privileges class, on the occasion of the monthly Microsoft Patch Tuesday cycle (see Microsoft Security Bulletin MS11-056, a summary of […]

PE Import Table and custom DLL paths

Once upon a time, an interesting software vulnerability vector called DLL Hijacking became very popular, thanks to a Slovenian security research outfit – ACROS Security, as well as HD Moore and his DLL Hijacking Audit Kit. In short, the vulnerability class allowed an attacker to execute arbitrary code in the context of an application, which […]

Protected Mode Segmentation as a powerful anti-debugging measure

The segmentation functionality has been present on the Intel processors since early stages of the CPU manufacturing. In real-mode, segments were the basis of 16-bit memory management, allowing the operating system or application to specify separate memory areas for different types of information, i.e. code, regular data, stack and so on. When a more complex […]