r0 Crew (Channel)

Description
Security Related Links:
- Reverse Engineering;
- Malware Research;
- Exploit Development;
- Pentest;
- etc;

Join the chat: @r0crew_bot 👈

Forum: https://forum.reverse4you.org
Twitter: https://twitter.com/R0_Crew

1 year, 2 months ago

Finding and exploiting process killer drivers with LOL for 3000$

In this article, I will introduce some kernel driver/internals theory and explain how to use the data in LOLDrivers to find interesting drivers. Finally, I will present 2 examples of vulnerable drivers and explain how to quickly reverse them and create a PoC to exploit them.

https://alice.climent-pommeret.red/posts/process-killer-driver/

#redteam #loldrivers #windows

This article describes a quick way to find easily exploitable process killer drivers. There are many ways to identify and exploit process killer drivers. This article is not exhaustive and presents only one (easy) method. Lately, the use of the BYOVD technique…

1 year, 2 months ago

Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.

https://www.loldrivers.io/

#redteam #loldrivers #windows

1 year, 2 months ago

Debugging Windows Isolated User Mode (IUM) Processes

This blog post discusses how to debug Windows' Isolated User Mode (IUM) processes, also known as Trustlets, using the virtual TPM of Microsoft Hyper-V as the target.

https://blog.quarkslab.com/debugging-windows-isolated-user-mode-ium-processes.html

#reverse #windows #trustlets

1 year, 4 months ago

Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game

https://decoded.avast.io/janvojtesek/dota-2-under-attack-how-a-v8-bug-was-exploited-in-the-game/

#gamehack #expdev #reverse #v8 #exploit

Avast discovered an exploit for CVE-2021-38003 was used in the wild to attack Dota 2 players. This exploit achieved remote code execution on other players' machines by taking advantage of Dota's usage of an outdated V8 version. In response to Avast's findings…

1 year, 4 months ago

CASR – collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity. It is based on ideas from exploitable and apport.

https://github.com/ispras/casr

1 year, 5 months ago

UserComment is a plugin to display user-added comments in disassembly and pseudocode views.

https://forum.reverse4you.org/t/usercomment-an-ida-plugin-to-show-user-added-comments/19747

#reverse #idapro #plugin

UserComment is a plugin to display user-added comments in disassembly and pseudocode views. Provides a comment window, displaying user-added comments, including comments in assembly code and pseudocode. Support for different types of comments (common comments…

1 year, 10 months ago

✨Happy New Year!✨

Take care of yourself and those close to you!

2 years, 3 months ago

IDA Pro 8.0 released!

  • Golang 1.18
  • iOS 16 dyld shared cache support
  • ARC decompiler
  • Better firmware analysis
  • FLAIR pattern generator (makepat)

https://hex-rays.com/products/ida/news/8_0/

2 years, 4 months ago

At the beginning of 2020, we discovered the Red Unlock technique that allows extracting Intel Atom Microcode. We were able to research the internal structure of the microcode and then x86 instruction implementation. Also, we recovered a format of microcode updates, algorithm and the encryption key used to protect the microcode.

https://github.com/chip-red-pill/MicrocodeDecryptor

#tools #reverse #intel #internals #microcode #Aligner
