Himanshu Khokhar's Blog

A journey to pwn rip

Category: Shellcoding

Exploiting CVE–2019-1132: Another NULL Pointer Dereference in Windows Kernel

NULL Pointer Dereferences should have died few years ago but they are still being found and used in malware attacks. This post explores the internal details of CVE-2019-1132, which was used by Buhtrap group to target victims in Eastern Europe.

Introduction

The vulnerability we are discussing in this post, NULL pointer dereference, resides in win32k.sys driver which leads to successful escalation of privileges (EoP) on Windows 7 and Windows Server 2008 OSes.

Microsoft addressed this vulnerability in July patch and the vulnerability was discussed previously by ESET in their blog as this vulnerability was used in targeted attacks in Eastern Europe.

Read More

Windows Kernel Exploitation Part 2: Type Confusion

Introduction

Welcome to the second part of Windows Kernel Exploitation series. In the second part, we are taking a detour from usual memory corruption vulnerabilities (which are a majority in case of the driver we are exploiting). I was quite confused whether to make it the first part because how easy it is to exploit, but here we are, once we have tasted blood in kernel land.

What is Type Confusion?

Type confusion is a vulnerability where the application doesn’t verify the type of an object (function, data type, etc.) and then processes it as it expects but the passed object is some other object.

Read More

Powered by WordPress & Theme by Anders Norén