Tag: Windows

23 articles
Date Thu 30 May 2024
Author Tanguy Faivre d'Arcier
Category File Formats

We did a quick study on the most common ways to deliver malware through LNK files.

Date Tue 26 March 2024
Author Lucas Di Martino
Category Containers

This second article describes how to convert a Silo into a Server Silo in order to create a Windows Container. In addition, it dives into certain Kernel side Silo mechanisms.

Date Thu 21 September 2023
Author Lucas Di Martino
Category Containers

This article presents the internals of Windows Container.

Date Thu 07 September 2023
Author Francisco Falcon
Category Reverse-Engineering

In this blog post we discuss how to debug Windows' Isolated User Mode (IUM) processes, also known as Trustlets, using the virtual TPM of Microsoft Hyper-V as our target.

Date Tue 07 February 2023
Author Kevin Minacori
Category Exploitation

This blog post presents a post-exploitation approach to inject code into KeePass without process injection. It is performed by abusing the cache resulting from the compilation of PLGX plugin.

Date Thu 29 July 2021
Author Salma El Mohib
Category Reverse-Engineering

A step by step approach to reverse engineer Hyper-V and have a low level insight into Virtual Trust Levels.

Date Tue 20 July 2021
Author Damien Aumaitre
Category Fuzzing

How to perform snapshot-based coverage-guided fuzzing on Windows kernel components using Rewind, a tool we have just published on Github.

Date Tue 13 July 2021
Author Romain Dumont
Category Reverse-Engineering

This article describes how Windows Defender implements its network inspection feature inside the kernel through the use of WFP (Windows Filtering Platform), how the device object’s security descriptor protects it from being exposed to potential vulnerabilities and details some bugs I found. As a complement to this post, a small utility is released to test the different bugs.

Date Wed 07 April 2021
Author Francisco Falcon
Category Vulnerability

In this blog post we analyze a denial of service vulnerability affecting the IPv6 stack of Windows. This issue, whose root cause can be found in the mishandling of IPv6 fragments, was patched by Microsoft in their February 2021 security bulletin.

Date Thu 12 November 2020
Author Francisco Falcon
Category Reverse-Engineering

Microsoft is currently working on Xtended Flow Guard (XFG), an evolved version of Control Flow Guard (CFG), their own control flow integrity implementation. XFG works by restricting indirect control flow transfers based on type-based hashes of function prototypes. This blog post is a deep dive into how the MSVC compiler generates those XFG function prototype hashes.