Reverse Engineering
OpenSSL, Certpinning and Memory patching. Sounds fun right?
This blogpost will cover the research I presented at BSides JoBurg. You can watch the talk on YouTube, and code can be found on our GitHub page. This journey started after having looked at some certificate-pinned apps. The majority of apps that appear to implement cert pinning, don’t actually have cert pinning but rather just use a custom trust manager or are not proxy aware (this also applies to things…
Noooooooooo Touch!
TL;DR I presented this work at Insomni’hack, if you’d prefer to watch the recording of that then you can find it here: https://www.youtube.com/watch?v=Nvw_BH7jPzE Imagine you’re on a physical engagement, standing outside an office door. You need an access card but you don’t have one (yet). You notice that there’s a pattern where employees need to tag in, but to leave they just wave their hand and the door swings open.…
Filter-Mute Operation: Investigating EDR Internal Communication
For our annual internal hacker conference dubbed SenseCon in 2023, I decided to take a look at communication between a Windows driver and its user-mode process. Here are some details about that journey. Attackers could use Windows kernel R/W exploit primitive to avoid communication between EDR_Driver.sys and its EDR_process.exe. As a result some EDR detection mechanisms will be disabled and make it (partially) blind to malicious payloads. This blogpost describes…
Intro to Chrome’s V8 from an exploit development angle
Last Christmas I was doing quite a bit of research around an exploit for Chrome’s JavaScript engine, V8. While most of the concepts around the exploit might seem familiar: for example, what is known as a Type Confusion today has the almost exact concept (or outcome) as a Use-After-Free vulnerability, one of the differences is that there is no free/malloc exploited directly; there is a huge difference in the root…
Hacking doom for fun, health and ammo
Remember iddqd and idkfa? Those are two strings were etched into my brain at a very young age where fond memories of playing shareware Doom live. For SenseCon ’19, Lauren and Reino joined me as we dove into some reversing of chocolate-doom with the aim of recreating similar cheats. The results? Well, a video of it is shown below. We managed to get cheats working that would: Increment your ammo…
Page 1 of 1