Himanshu Khokhar's Blog

A journey to pwn rip

Category: Reverse Engineering

Exploiting CVE-2019-1132: Another NULL Pointer Dereference in Windows Kernel

NULL pointer dereferences should have died out a few years ago, but they are still being found and used in malware attacks. This post explores the internal details of CVE-2019-1132, which was used by the Buhtrap group to target victims in Eastern Europe.


The vulnerability discussed in this post, a NULL pointer dereference, resides in the win32k.sys driver and leads to a successful escalation of privilege (EoP) on Windows 7 and Windows Server 2008.

Microsoft addressed this vulnerability in the July patch. ESET had previously discussed it on their blog, as it was used in targeted attacks in Eastern Europe.


Demystifying Code Injection Techniques: Part 1 – Shellcode Injection


Code injection refers to the act of injecting arbitrary external code into an application. There are two types of code injection:

  1. Injection into vulnerable programs.
  2. Injection into non-vulnerable programs.

If code injection is done in a vulnerable application, it is done by exploiting a bug that occurs when the application processes invalid data. In this case, the extent of code injection depends on the bug in the application, which we also refer to as a "vulnerability". The limitation of this scenario is that the application must have a bug that can be leveraged to gain code execution.


Windows Kernel Exploitation Part 3: Integer Overflow


Welcome to the third part of the Windows Kernel Exploitation series. In this part, we are going to exploit an integer overflow in the HackSysExtremeVulnerableDriver.

What exactly is an integer overflow?

For those who do not know about integer overflows, you might be wondering how an integer can overflow.

Well, the integer itself does not overflow. The CPU stores integers in fixed-size storage (we are not talking about the heap or similar allocations here). If you are familiar with C/C++ or a similar language, you might recall data types and how each data type has a specific fixed size.

