We recently discovered a new and quietly released Windows kernel exploitation defence. Exploiting a kernel bug by setting the pointer to the SecurityDescriptor to NULL in the header of a process object running as SYSTEM won’t work from Windows 10 v1607 (Build 14393). If you want to know why, keep reading.
Author Archive for: Kyriakos Economou
About Kyriakos Economou
This author has yet to write their bio.Meanwhile lets just say that we are proud Kyriakos Economou contributed a whooping 22 entries.
Entries by Kyriakos Economou
We recently received an email which contained a malicious Word macro. Usually, the only thing that changes between malicious Office macros is the obfuscation that is used; e.g. changing variable names and splitting text strings. This one was different. We decided to analyse the payload and before we knew it, we were deep down the rabbit hole!