Home | Page 2

Connor McGarr

Software Engineer @ CrowdStrike | Exploit Development and Vulnerability Research

Exploit Development: Swimming In The (Kernel) Pool - Leveraging Pool Vulnerabilities From Low-Integrity Exploits, Part 2

51 minute read

Combining part 1’s information leak vulnerability with a pool overflow vulnerability to obtain code execution via grooming the kLFH

Exploit Development: Swimming In The (Kernel) Pool - Leveraging Pool Vulnerabilities From Low-Integrity Exploits, Part 1

34 minute read

Leveraging the HackSysExtreme Vulnerable Driver to understand the Windows kernel pool, the impacts of kLFH, and bypassing kASLR from low integrity via out-of...

Exploit Development: CVE-2021-21551 - Dell ‘dbutil_2_3.sys’ Kernel Exploit Writeup

33 minute read

Analysis and writeup on weaponizing CVE-2021-21551 without a data-only attack and the importance of Virtualization-Based Security, Hypervisor-Protected Code ...

Exploit Development: Browser Exploitation on Windows - Understanding Use-After-Free Vulnerabilities

72 minute read

Documenting my journey from ground 0 to (hopefully) more modern browser exploitation.

Malware Development: Leveraging Beacon Object Files for Remote Process Injection via Thread Hijacking

47 minute read

Utilizing Cobalt Strike’s in-memory C capabilities to inject a Beacon implant into a remote process without spawning a remote thread on 64-bit systems.