Tag: windows

24 articles
Date Tue 23 September 2025
Author Luis Casvella
Category Pentest

Bring Your Own Vulnerable Driver (BYOVD) is a well-known post-exploitation technique used by adversaries. This blog post is part of a series. We will see how to abuse a vulnerable driver to gain access to Ring-0 capabilities. In this first post we describe in detail the exploitation of vulnerabilities found in a signed Lenovo driver on Windows.

Date Thu 30 May 2024
Author Tanguy Faivre d'Arcier
Category File Formats

We did a quick study on the most common ways to deliver malware through LNK files.

Date Tue 26 March 2024
Author Lucas Di Martino
Category Containers

This second article describes how to convert a Silo into a Server Silo in order to create a Windows Container. In addition, it dives into certain Kernel side Silo mechanisms.

Date Thu 21 September 2023
Author Lucas Di Martino
Category Containers

This article presents the internals of Windows Container.

Date Thu 07 September 2023
Author Francisco Falcon
Category Reverse-Engineering

In this blog post we discuss how to debug Windows' Isolated User Mode (IUM) processes, also known as Trustlets, using the virtual TPM of Microsoft Hyper-V as our target.

Date Tue 07 February 2023
Author Kevin Minacori
Category Exploitation

This blog post presents a post-exploitation approach to inject code into KeePass without process injection. It is performed by abusing the cache resulting from the compilation of PLGX plugin.

Date Thu 29 July 2021
Author Salma El Mohib
Category Reverse-Engineering

A step by step approach to reverse engineer Hyper-V and have a low level insight into Virtual Trust Levels.

Date Tue 20 July 2021
Author Damien Aumaitre
Category Fuzzing

How to perform snapshot-based coverage-guided fuzzing on Windows kernel components using Rewind, a tool we have just published on Github.

Date Tue 13 July 2021
Author Romain Dumont
Category Reverse-Engineering

This article describes how Windows Defender implements its network inspection feature inside the kernel through the use of WFP (Windows Filtering Platform), how the device object’s security descriptor protects it from being exposed to potential vulnerabilities and details some bugs I found. As a complement to this post, a small utility is released to test the different bugs.

Date Wed 07 April 2021
Author Francisco Falcon
Category Vulnerability

In this blog post we analyze a denial of service vulnerability affecting the IPv6 stack of Windows. This issue, whose root cause can be found in the mishandling of IPv6 fragments, was patched by Microsoft in their February 2021 security bulletin.