Author: winternl
-
Full Fat Shellcode
GLP-1s need not apply. There may be situations where you wish to conditionally run 32-bit or 64-bit shellcode from the same codebase. One such scenario is if you are bootstrapping some code into an ILONLY assembly. Below is valid x86 and x86-64 code that can be used for that purpose. The interesting bit is how…
-
Loader Lock Ownership Semantics
If your career as a programmer has led you here, fear not, there is still time to turn back. I will not tell you to rethink whatever disreputable sequence of instructions you intend to force feed your processor. Nor do I think it would be beneficial to re-evaluate any alternative solutions. No dear reader, I…
-
Why is there a debug directory in my release build?
(And other difficult conversations to have with your kids) If you’ve spent some time with MSVC you may have noticed your binary contains an IMAGE_DEBUG_DIRECTORY entry — even when building in release mode. This isn’t a new thing and this extra information was introduced in the 2015 release of Visual Studio. In fact, there’s a good…
-
CVE-2022-43997 – Local Privilege Escalation in Aternity Agent
Aternity is software developed by Riverbed used to monitor the performance of applications and devices from the end user perspective. Software such as Aternity is a prime target for vulnerability research. “Monitoring” software typically installs hooks and performs process injection to track analytics. Doing so safely is not a trivial task; there may be implementation…
-
Dealing with Failure: Failure Escalation Policy in Unmanaged CLR Hosts
Offensive tooling built upon the .NET framework and its runtime environment, the Common Language Runtime (CLR), is an important part of the red teaming ecosystem. .NET tools offer rapid development times, a low barrier to entry, and are highly extensible through native interoperability. These tools have been and will continue to be used effectively on…