Windows Internals: Dissecting Secure Image Objects - Part 1
Analysis of NT, Secure Kernel, and SKCI working together to create the initial SECURE_IMAGE object
Dealing with Virtualization-Based Security (VBS), Hypervisor-Protected Code Integrity (HVCI), and Kernel Control Flow Guard (kCFG).
Porting part 2’s ChakraCore exploit to Microsoft Edge while defeating ASLR, DEP, CFG, ACG, CIG, and other mitigations.
Leveraging ChakraCore to convert our denial-of-service from part 1 into a read/write primitive and functioning exploit.
End-to-end ‘modern’ browser exploitation on Windows beginning with configuring a browser exploitation environment, exploring JavaScript intrinsics, and under...