You are here: alice.climent-pommeret.red

theevilbit.github.io (6.0 parsecs away)
In recent days I was reading technical analyses of win32k exploits from recent years, and it caught my eye that the HMValidateHandle technique is very heavily used almost everywhere. Then I had an idea of how to protect against this family of exploits, which I think is very simple. This post will be about that.

What is HMValidateHandle?

HMValidateHandle is an internal, unexported function of user32.dll. It takes a handle and a handle type as arguments, and by looking up the handle table, if the handle matches the type it will copy the object to user memory. If the object contains a pointer to itself, like tagWND, it can be used to leak memory addresses from the kernel. This has been a known technique for a very long time; I think the...
keyj.emphy.de (5.8 parsecs away)

[AI summary] The article discusses the process of creating ultra-small Windows executables by optimizing the PE (Portable Executable) format. KeyJ, the author, details various techniques such as removing sections, collapsing headers, and using hash-based import lookups to minimize the executable size. The article also includes comments from readers discussing the challenges and successes of these optimizations, as well as the importance of compatibility across different Windows versions. The final executable size is reduced to around 268 bytes, and the author acknowledges the trade-offs between size and compatibility.
www.malwaretech.com (2.2 parsecs away)

Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
gist.github.com (23.0 parsecs away)

64 bit Python3 compatible shellcode runner. GitHub Gist: instantly share code, notes, and snippets.