Windows OS

Reverse engineering

Remote debugging windows kernel driver(without symbols) using windbg

In this post we are going to learn few tips and tricks to debug a Windows kernel driver without symbols in windbg.

By Shubham Dubey 2 Jul 2021

Windows OS

Fixing DLL exports for DLL hijacking(DLL proxy)

In this post we will discuss ways to export functions from your dll for dll hijacking. Exporting functions | Dll Proxy

By Shubham Dubey 5 Aug 2020

Windows OS

Mitigate and Detect Local Privilege Escalation cause due to Symbolic Links

In this post we will discuss ways to mitigate symbolic links based Local privilege escalation exploits. We are also going to develop our own protection against these attacks.

By Shubham Dubey 31 Jul 2020

Tutorial

Developing and Installing your first Kernel driver in Windows 10(under 10 min)

Windows kernel development is painful to follow after lots of changes in driver handling by windows. In this article I will help you with developing and installing your driver in less than 10 minutes in windows 10.

By Shubham Dubey 10 Jun 2020

Exploit Development

Breaking Antivirus: Arbitrary file deletion using Symbolic link

A newly discovered symbolic link attack in many antivirus can cause arbitrary file deletion. In this blog, we will be discussing how to create the exploit and mitigate it.

By Shubham Dubey 28 Apr 2020

Exploit Development

Understanding and Exploiting Symbolic links in Windows - Symlink Attack EOP

Symbolic link can be abused to cause elevation of privilege or arbitrary write/delete. In this article we are going to understand symlink and will learn how to exploit/abuse them.

By Shubham Dubey 16 Apr 2020

Malware

Malware analysis interview questions with detailed answers (Part 4)

In this part we will discuss advance as well as miscellaneous questions for malware analysis interview. Even if you are already an experienced researcher, still these questions can be helpful for learning some new stuff.

By Shubham Dubey 26 Dec 2019

Malware

Malware analysis interview questions with detailed answers (Part 3)

Here are few more important questions with detailed answers for malware analysis interview. Topic covers in this part is Dynamic analysis, static analysis and debugging.

By Shubham Dubey 18 Sep 2018

Exploit Development

Exploiting buffer overflow in Windows application through TextBox using only Alphanumeric payload

Lets look at how to exploit seh based buffer overflow in WIndows GUI application that have input restrictions of supporting only ascii characters as input.

By Shubham Dubey 7 Sep 2018

Malware

Malware analysis interview questions with detailed answers (Part 2)

Here are few more important questions with detailed answers for malware analysis interview. Topic covers in this part is OS concepts, Programming, Assembly language and Dynamic analysis.

By Shubham Dubey 6 Aug 2018

Malware

Malware analysis interview questions with detailed answers (Part 1)

Here is a series of important questions with detailed answers for malware analysis interviews. These question can be helpful for both candidates and interviewers.

By Shubham Dubey 3 Aug 2018

Malware

Deep dive into Tofsee spambot(Win32:Tofsee-J) malware dropper-2

In this part we will do the static analysis of dropper of tofsee .Tofsee is a spambot categorie of malware used to send spam messages, click fraud to different smtp mail server.

By Shubham Dubey 5 Jul 2018

Malware

Deep dive into Tofsee spambot(Win32:Tofsee-J) malware dropper-1

Tofsee is a spambot categorie of malware used to send spam messages, click fraud to different smtp mail server. In this part we will do the dynamic analysis of dropper of tofsee.

By Shubham Dubey 3 Jul 2018

Rootkits

Understanding Windows DKOM(Direct Kernel Object Manipulation) techniques(Part 1-EPROCESS)

Windows uses different Objects structures for different purposes like io-management, process management etc. These structures are vulnerable to different attacks which we will going to discuss in this series.

By Shubham Dubey 13 Jun 2018