Pinned
Thrilled to share our latest deep dive into Windows Kernel Streaming!
Just presented this research at @offensive_con.
Check it out:
Angelboy
769 posts
Angelboy
@scwuaptx
Joined September 2012
- I organized my notes and made it into slides when I learn about segment heap . If you find something wrong, please let me know. Hope it can be helpful fo those who want to learn segment heap in windows kernel.
- Excited to share our research on Kernel Streaming! We discovered several vulnerabilities in it that we used at Pwn2Own this year. Check it out:
- Here is my challenge in WCTF 2019. github.com/scwuaptx/LazyF… Hope everyone can learn more windows heap from this challenge. About windows 10 NT heap slideshare.net/AngelBoy1/wind… I only write Chinese version slide, I will release an English version soon.
- My exploit for my challenges at HITCON CTF 2019 Qual github.com/scwuaptx/CTF/t… Hope everyone can learn more from our CTF. #hitconctf
- Window 10 Nt Heap Exploitation (English Version) slideshare.net/AngelBoy1/wind…Here is my challenge in WCTF 2019. github.com/scwuaptx/LazyF… Hope everyone can learn more windows heap from this challenge. About windows 10 NT heap slideshare.net/AngelBoy1/wind… I only write Chinese version slide, I will release an English version soon.
- My solution for 0ctf/tcf 2019 Qual (applepie, babyheap2019, scanner,babyaegis) github.com/scwuaptx/CTF/t…
- We’ve released Part II of our Windows Kernel Streaming series!We’ve just published Angelboy’s (@scwuaptx) latest deep dive into Windows Kernel vulnerabilities, fresh off the stage from #Hexacon! Don’t miss out on the cutting-edge insights and findings. Check it out here: devco.re/blog/2024/10/0… #MSRC #VulnerailibtyResearch
- My exploit for my challenges at HITCON CTF 2020 github.com/scwuaptx/CTF/t… Lucifer challenge is a segment heap challenge in windows kernel. You need to use named pipe to spray in nonpaged pool and use it to do arbitrary memory reading. Hope everyone can learn more from our CTF.
- Nice writeup from LC↯BC for my windows kernel challenge "breath of shadow" ! github.com/mephi42/ctf/tr… In my intended solution, you need to deal with "KVA Shadow" so that you can jump to shellcode in userspace. Thank you for solving my challenge :) #hitconctf
- Microsoft just fixed the vulnerabilities we used at Pwn2Own this year. I will release more details in the next few months. msrc.microsoft.com/update-guide/v… msrc.microsoft.com/update-guide/v…
- My exploit for 0ctf/tcf 2018 (babyheap,blackhole,house of card,heap storm II) github.com/scwuaptx/CTF/t…
- Although I did not find useful vulnerabilities in other targets and other attacker surface, it was a good experience for me. The most important thing is that I learned a lot during the research. Hope I can find more vulnerabilities in the future.
