Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG
Dealing with Virtualization-Based Security (VBS), Hypervisor-Protected Code Integrity (HVCI), and Kernel Control Flow Guard (kCFG).
Porting part 2’s ChakraCore exploit to Microsoft Edge while defeating ASLR, DEP, CFG, ACG, CIG, and other mitigations.
Leveraging ChakraCore to convert our denial-of-service from part 1 into a read/write primitive and functioning exploit.
End-to-end ‘modern’ browser exploitation on Windows beginning with configuring a browser exploitation environment, exploring JavaScript intrinsics, and under...
Examining recent changes to a highly-abused static structure, KUSER_SHARED_DATA, and its exploitation impact.