j00ru//vx tech blog Coding, reverse engineering, OS internals covered one more time

27 Jul 2010 (4 comments)

Windows CSRSS Write Up: Inter-process Communication (part 2/3)

A quick opening note: my friend d0c_s4vage has started a technical blog and posted his first text just a few days ago. The entry covers a recent, critical libpng vulnerability discovered by him; the interesting part is that, among other software, the latest Firefox and Chrome versions were vulnerable. Feel free to take a minute and read the article here.

Additionally, the video and mp3 recordings of the presentation given by Gynvael and me at the CONFidence 2010 conference are now publicly available on the official website: link (Case study of recent Windows vulnerabilities).

3 Jul 2010 (4 comments)

Attacking the Host via Remote Kernel Debugger (Virtual Machines)

NOTE: This post is closely related to research performed by Alex Ionescu. He is going to present the results of his work at the RECON2010 conference, during his Debugger-based Target-to-Host Cross-System Attacks talk. As it turns out, Alex and I have been working on the same subject concurrently - while I have only managed to perform a cursory analysis of the mechanism, Alex has carried out a thorough analysis and possibly developed a PoC for a real vulnerability ;) Besides this, I would like to share some of the ideas and conclusions I came up with over the recent weeks ;)

30 May 2010 (3 comments)

CONFidence 2010 is over

One of the biggest (best ;) ) IT security-oriented conferences in Poland finished three days ago, on Wednesday evening. First of all, I would like to congratulate all the organisers on their decisions about where the event should be held and what it should look like - during these two days, I had plenty of real fun!

22 Apr 2010 (2 comments)

Windows Kernel Vulnerabilities continued – details

And so it happened ;> As I wrote in this post, Gynvael Coldwind has just finished speaking about recent Windows Kernel Vulnerabilities at the Hack In The Box Dubai conference, taking place today. Unfortunately, because European air traffic was shut down these days, the presentation was held remotely - one way or another, it can be considered very successful, imho.

Thanks to the organisers, who publish the materials right after the talks are over, all of the slides are now available at http://conference.hitb.org/hitbsecconf2010dxb/materials/.

Our presentation, containing the details of how the aforementioned kernel / CSRSS vulns work and how they can be exploited, can be found here (1.27MB).

I am not going to spoil anything more here - if you were not lucky enough to attend the Dubai conference, I strongly recommend the Polish CONFidence 2010 held in May (which I have also mentioned already).

Have fun! ;-)

13 Apr 2010 (1 comment)

Windows Kernel Vulnerabilities release (Hispasec research)

Today, on Patch Tuesday, Microsoft released some information regarding the security vulnerabilities present in the Windows kernel - found and exploited (in Proof of Concept form) by Gynvael Coldwind and me - which are directly connected with a well-known Windows Registry functionality. Five bugs have been described (there are six in fact - two were counted as one because a single patch in the source code fixes two separate vulns at the same time). Two of them allow Local Elevation of Privileges to be achieved, while the other three make it possible to perform a Denial of Service attack.

27 Aug 2009 (0 comments)

The incoming SecDay conference

I have the pleasure of informing the blog readers about an upcoming event I am taking part in - the Polish SecDay conference (covering security in a general sense)! ;)

20 May 2009 (2 comments)

Recent conferences’ reports

It seems like the blog has been dead for more than two months, mainly due to a somewhat wrong priority hierarchy - there was always something interesting to research, even when I should have been busy writing the next interesting post for my blog ;)

The recent weeks haven't been wasted at all, as the state of the site might suggest. Thanks go to the SecNews admin for dropping a line about this place a few days ago - the sudden increase in visits was really motivating to keep on posting here. From now on, I'll try to rearrange my priorities so as to spend more time on the blog, but time will tell how I handle it.

What I am going to describe today is not a technical subject at all (though it is strongly related to one). Recently I have attended a few really well-organised conferences (though not every one I wanted to attend), all of which I am going to mention here. The most popular one, CONFidence 2009, will be described in detail, while the others will only be briefly introduced to the reader.