Added eScan in the list of affected vendors.
More details here.
Enjoy,
kyREcon
Category Archives: Research
nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect
A short write-up on a tiny update introduced in NT kernel version 10.0.15063 inside nt!SepCreateAccessStateFromSubjectContext that can mess up with your kernel exploits in case you abuse _SEP_TOKEN_PRIVILEGES.Enabled through a Read-Write Primitive to gain EoP.
Read more here.
Enjoy,
kyREcon
Mitigating the NULL SecurityDescriptor Kernel Exploitation Vector
This article describes a new mitigation in the latest Windows 10 v1607 against a common attack vector user by many kernel exploits until today.
Read more here.
Enjoy,
kyREcon
Detecting KDs with a single instruction
tl;dr: Just finished an article about detecting a kernel-mode debugger in Windows from userland by using a single instruction.
Portable across all latest Windows versions, both x86/x64 builds.
Read more here.
Enjoy,
kyREcon
Advisory – Avast SandBox Escape via IOCTL Requests
Click here to read more about this epic fail from Avast.
The vulnerability is still unpatched, even though almost 5 months have passed since the day Avast was informed.
Enjoy,
kyREcon