Csaba Fitzl

My view and experience with IT certification
Introduction I run into plenty of debates about whether IT certifications are good or bad, what those people who hold them are capable of, what the expectations are and so on. This post is not just about IT Security certs, but IT in general. Personally I l...
About WriteProcessMemory
The contents of this post might be very well known to many people, but for me it was new and honestly also a bit shocking, so I thought I would share it; it might be useful for others as well. I came across this behaviour when I was developing a working POC ...
theevilbit.blogspot.com
kex - python kernel exploit library - update #3
Another week passed, another update is coming. Not sure how long I can keep up with this frequency :) Fixed: all 3 shellcodes (token stealing, update token privileges, update ACL of target process) padded all of them with NOPs, so their length is divisible ...
Turning CVE-2017-14961 (IKARUS anti.virus local kernel exploit) into full arbitrary read / write with PALETTE objects
There are 9 exploitable kernel vulnerabilities in IKARUS anti.virus <2.6.18 discovered by @ParvezGHH . You can read more about them here: IKARUS anti.virus and its 9 exploitable kernel vulnerabilities | GreyHatHacker.NET I found the exploit for t...
Abusing GDI objects for kernel exploitation - PALETTE and various offsets
I started to dig into the topic of abusing GDI objects for Windows kernel exploitation about two weeks ago, and finally got to the PALETTEs. There is a lot of documentation about BITMAPs so I don’t really want to write about those, but there has been little wr...
kex - python kernel exploit library - major update
I made a major update to my Python kernel exploitation 'library' (kex). In short: GDI abuse functions (original source: https://github.com/GradiusX ) Wrapper functions for GDI abuse to mask the platform (Will work from Win7x64 to Win10x64 v1703 universally ...
Abusing GDI objects: Bitmap object’s size in the kernel pool
I’m looking into the GDI object abuse techniques for kernel pool exploitation, and found that there is no documentation about how much memory is allocated to the Bitmap object in the kernel paged pool. I read through many exploit codes and articles, but it see...