tl;dr: Just finished an article about detecting a kernel-mode debugger in Windows from userland by using a single instruction.
Portable across all latest Windows versions, both x86/x64 builds.
Read more here.
Enjoy,
kyREcon
Click here to read more about this epic fail from Avast.
The vulnerability is still unpatched, even though almost 5 months have passed since the day Avast was informed.
Enjoy,
kyREcon
tl;dr: In Windows 8.x/10, when you open a password-protected zip archive using Windows Explorer (“Extract All…”), the password is automatically cached in the Credentials Manager for the life of the logon session.
Read more here.
Cheers,
kyREcon
You can read the abstract and download the full white paper here.
Kudos to @OlgaAngel for dedicating some of her time to making some nice aesthetic improvements to the final version.
Enjoy,
kyREcon