In this paper, the author discusses the many challenges and problems concerning user-mode callbacks in win32k. In particular, they show how win32k's dependency on global locks in providing a thread-safe environment does not integrate well with the concept of user-mode callbacks. Although many vulnerabilities related to user-mode callbacks have been addressed, their complex nature suggests that more subtle flaws might still be present in win32k. Thus, in an effort to mitigate some of the more prevalent bug classes, they conclusively provide some suggestions as to how users may protect themselves against future kernel attacks.
51d1563fd83b26e69b8116dfefd3de44db9d463eea1972b575297a33f15a2fc2This paper demonstrates how to ARP poison a connection between Windows 7 and Windows 2008 R2 Server using Cain.
a751245239f622e54ca2416bab2aef9e2485eae6f6c4782fd8b7a36a98c54142This is a brief whitepaper called A Backdoor in the Next Generation Active Directory.
dd040be0d2bdc00e6d0cbeedaaf496611de0e99e0335d67ebeebc9aaca01a674Whitepaper called Windows 7/2008 Event Log Forensic and Reversing Analysis.
aef1648589581c22c1a58a83b6b24763434d5609c71498b324de55b9c7a27598Whitepaper called Firewire-based Physical Security Attacks on Windows 7, EFS and BitLocker.
3d6158da6ded9cf59e2fd18cf780e070291feb92185af0bb51489f9e56543f44Whitepaper entitled Reverse Engineering Microsoft F#.
4edaef63057c44d9b10082e158d32fd91f25f4a3c1b2b8aa6710a53a6e1909a0Breaking The Windows Server 2003 SP2 Stack.
73317169f7a8e0b4380b4fd5dea75b0d952694c47cbc1bff599ba7db60a729f9Access Through Access - A whitepaper that has aggregated various material regarding how to exploit Microsoft Access during a penetration test.
acaaf07911fd3af0f81cc2e11aac7c5e782cc6b509d97994fcf2f209c11ba94ePhysical Security Attacks On Windows Vista - A short whitepaper discussing the firewire unlock attack.
5f035da0bc475ea3fd4753cf55841d7118ed5b5a109b008da86072262ddd24dcWhitepaper detailing Microsoft API function pointer hijacking.
056bec8064de1bf2562b771532fd532fa7fea977fe12de89101bf552a8806647Small write up discussing how ShellExecute() works and how applications must make use of it.
7a9b8aea89ccd7fbd91c4adf251cb37df6751074c2749b4e00907f8bac322700Whitepaper discussing Windows DNS cache poisoning by forwarder DNS spoofing.
a8edfacf63fc3159336647ddf759fbe145f1138297489817602d348e2b57d3a4Small paper that discusses SMB and NetBIOS on Windows and how a user can disable them.
a4c69c41cf361aeb27b3bc59affd3ab807671e8e08d1873a2cc279845a3b5210Whitepaper entitled Windows Vista 64bits And Unexported Kernel Symbols.
2b24f359a718212fdce5611bf648c054d5e5be36b5321038430e4c47d5aad39cShort whitepaper discussing API hooking/interception via DLL redirection.
4f3b2999eaf8674d18053e9c19ddc2690f09ca07ac557ea9d739cbee813c6366Windows Vista includes a new memory protection system called ASLR. Its goal is to escape buffer overflow attacks in vulnerable programs. Ali Rahbar, has made a complete study of this security mechanism, and found a new implementation flaw that allows to bypass this protection.
ad6a77fa5b3d6c6bce6fb4adca924de45e844e69503cf4da13df83f15ab40765This multi-part tutorial will present several ways in which you can add functionality to closed source Windows executables through DLLs, PE header modification, and good old assembly code. Adding code to existing code caves, modifying PE headers to create code caves and/or importing DLL functions, adding backdoors to programs, and adding plugin support to closed-source programs are all covered.
addfbf9225a75334eb73fe19aa2b943d801118f73553f9dc431330aa37f87327Whitepaper discussing the hardening of Windows NT.
c3dfdf7d4262a082864c40fbf2504b64c0e76d0094696de67110b38577ff0649Whitepaper discussing the fact that the Microsoft Server Message Block Redirector Driver (mrxsmb.sys) does not verify the user-mode buffer properly, allowing any user to overwrite any desired memory address. The successful exploitation results in Ring0 code execution.
8e72140b6ea3bdc38e8d99a76cc14e568dce6926a301540aba00a78f7cb44a46Source code for all the examples used in tutorials 1 through 4 of 'Writing Stack Based Overflows On Windows'.
860b53e6a362f1432b875fd79227494b5d512c72cfa9e23132fc2648cd5ae25eWriting Stack Based Overflows on Windows - Part IV: Shellcode creation and exploitation an application remotely.
8574a8998f8d62e5c51157c0cfca653779fe111f04fd2362565eb53dd4584fb2Writing Stack Based Overflows on Windows - Part III: Walking through a stack based overflow and writing an exploit for a local overflow.
f90a0115f7445c95c71fa6878bcc43ebb6802fec3409da9bbdfa11726c784353Writing Stack Based Overflows on Windows - Part II: Windows Assembly for writing Exploits
458ebf2f8f50c0249db41a0f2babf0e9c981f7c972089ff9b19153fd0210a5ffWriting Stack Based Overflows on Windows - Part I: Basic Concepts
f2eded9aca3088ea4d10a3faf846a8d5c7b7d77f76c4957ad9691750d63e1c75Story of a dumb patch - This paper describes a mistake made by Microsoft in patch MS05-018 where Microsoft failed to properly fix a vulnerability having to release a new patch MS05-049. Hopefully this paper will open the eyes of software vendors to not repeat these kind of mistakes.
a79eb3b5aa2f5d80efad97626f1bd81b439fa096671c52ff737b3558b91a75e0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed