Menu

EDRSnowblast - blizzard on EDR drivers

EDRSnowblast - blizzard on EDR drivers

After the sandstorm it’s time for the blizzard ! The well-known EDRSandblast tool is a fantastic code base for Windows kernel investigating purpose, after several modification I decided to fork this project and wanted to share details about this with the community.


Read more →

Windows kernel driver static reverse using IDA and GHIDRA

Windows kernel driver static reverse using IDA and GHIDRA

Here are some notes for Windows drivers reverse enginering noob. This topic is already covered and you can find many resources on Internet, here we will use IDA and GHIDRA and observe differences.


Read more →

Loading unsigned Windows drivers without reboot

Loading unsigned Windows drivers without reboot

The previous post exposes how to create a weaponized driver. How can we load this unsigned drivers into the Windows kernel bypassing Driver Signing Enforcement (DSE) ? Here are some details about that.


Read more →

How to get local root shell on the LG HR598 Bluray

How to get local root shell on the LG HR598 Bluray

For a long time I was wondering how to pwn embedded (or IoT) devices. I managed to get a root shell on my old LG HR 598 Bluray player, here is some notes about my hardware hacking journey.


Read more →

Pimp my PID - get SYSTEM using Windows kernel

Pimp my PID - get SYSTEM using Windows kernel

During my journey into the Windows Kernel I found interesting to create a tool to elevate any process to SYSTEM using a driver. Here are some details about that.


Read more →

Rconfig - From zero to (root)shell

Rconfig - From zero to (root)shell

Looking at the Rconfig 3.9 source code lead to find several security bugs which can be chained in order to get unauthenticated (root) remote code execution.


Read more →