Kernel Karnage – Part 9 (Finishing Touches)

It's time for the season finale. In this post we explore several bypasses but also look at some mistakes made along the way. 1. From zero to hero: a quick recap As promised in part 8, I spent some time converting the application to disable Driver Signature Enforcement (DSE) into a Beacon Object File (BOF) … Continue reading Kernel Karnage – Part 9 (Finishing Touches)

Kernel Karnage – Part 8 (Getting Around DSE)

When life gives you exploits, you turn them into Beacon Object Files. 1. Back to BOFs I never thought I would say this, but after spending so much time in kernel land, itโ€™s almost as if developing kernel functionality is easier than writing user land applications, especially when they need to fly under the radar. … Continue reading Kernel Karnage – Part 8 (Getting Around DSE)

Kernel Karnage – Part 7 (Out of the Lab and Back to Reality)

This week I emerge from the lab and put on a different hat. 1. Switching hats With Interceptor being successful in blinding $vendor2 sufficiently to run a meterpreter reverse shell, it is time to put on the red team hat and get out of the perfect lab environment. To do just that, I had to … Continue reading Kernel Karnage – Part 7 (Out of the Lab and Back to Reality)