Fun facts: Windows kernel and guard pages


j00ru vx tech blog
April 12th, 2013, 21:30
It has been a while since I last posted here, so I guess it’s high time to get back to work and share some more interesting Windows kernel internals goodies. Before we get to that, however, let’s start with a few announcements. First of all, there is a number of great infosec conferences coming up [...]

http://j00ru.vexillium.org/?p=1594

Indy
April 13th, 2013, 07:00
Quote:
It’s still quite fun, and will hopefully make a little more sense provided a real-world example which will be described in a separate blog post soon. Cheers!

This technique was described ((c) Indy) in 2009 on virustech. It has long been used to bypass proactive protection (e.g. klif.sys).

NeOXOeN
April 15th, 2013, 05:58
Indy, do you have a link to your post?

Indy
April 15th, 2013, 09:04
Forum is dead.

wasm, damagelab etc.

http://www.wasm.ru/forum/viewtopic.php?pid=490246#p490246

This is an RC attack.