Author: winternl
-
Protected: A Deep Dive into the AAD Broker LocalState Cache
-
Full Fat Shellcode
GLP-1s need not apply. There may be situations where you wish to conditionally run 32-bit or 64-bit shellcode from the same codebase. One such scenario is if you are bootstrapping some code into an ILONLY assembly. Below is valid x86 and x86-64 code that can be used for that purpose. The interesting bit is how…
-
Loader Lock Ownership Semantics
If your career as a programmer has led you here, fear not, there is still time to turn back. I will not tell you to rethink whatever disreputable sequence of instructions you intend to force feed your processor. Nor do I think it would be beneficial to re-evaluate any alternative solutions. No dear reader, I…
-
Why is there a debug directory in my release build?
(And other difficult conversations to have with your kids) If you’ve spent some time with MSVC you may have noticed your binary contains an IMAGE_DEBUG_DIRECTORY entry — even when building in release mode. This isn’t a new thing and this extra information was introduced in the 2015 release of Visual Studio. In fact, there’s a good…
-
CVE-2022-43997 – Local Privilege Escalation in Aternity Agent
Aternity is software developed by Riverbed used to monitor the performance of applications and devices from the end user perspective. Software such as Aternity is a prime target for vulnerability research. “Monitoring” software typically installs hooks and performs process injection to track analytics. Doing so safely is not a trivial task; there may be implementation…