NOTE: This post is highly related to the research performed by Alex Ionescu. He is going to present the results of his work on the RECON2010 conference, during his Debugger-based Target-to-Host Cross-System Attacks speech. As it turns out, me and Alex have been working on the same subject concurrently – while I have only managed [...]
Hi there! Not so long (a few weeks, actually) ago, me together with Gynvael Coldwind had a chance to carry out a research regarding the Global and Local Descriptor Tables being used as a write-what-where target, while exploiting ring-0 vulnerabilities on 32-bit Microsoft Windows NT-family systems. The result of our work is a small article, [...]
Everyone who has ever had some serious contact with how the Windows kernel mechanisms work, was probably in need to access a complete system call number list (together with the handlers’ definitions). As one of the most important part of the communication process between user’s applications and kernel, SSDT is commonly used for both clearly [...]