I’ll be speaking at 44CON this year, at the community evening on Wednesday 9th September. The community evening is free to attend – you just need to register to attend if you don’t have a conference ticket. My talk is currently scheduled at 19:45, and I’m speaking about writing Windows drivers, with the goal of… Read More Talking about Windows drivers at 44CON 2015’s Community Evening
Back in June, I was doing some analysis on a Windows driver and discovered that the INIT section had the read, write, and executable characteristics flags set. Windows executables (drivers included) use these flags to tell the kernel what memory protection flags should be applied to that section’s pages once the contents are mapped into… Read More W^X policy violation affecting all Windows drivers compiled in Visual Studio 2013 and previous
Another year has rolled by (damn, I really don’t update this blog much, do I?) and Securi-Tay IV is coming up. I’ll be speaking about security issues related to serialisation and deserialisation of data in modern programming languages, including PHP and C#. My colleague FreakyClown will be talking about robbing banks for a living, which… Read More Another year, another Securi-Tay, another talk… and this time we’re sponsoring the bar!
Just a quick tip for anyone doing a code review of a Java EE web application: LAPSE+ is a very useful tool to have in the arsenal, whether you’ve got the original source or just the JAR/WAR file. In my case, the client provided me with a single .WAR file which contained the application. As… Read More Pentesting Java EE web applications with LAPSE+
I’m doing a talk about cryptography at Securi-Tay 2014 on the 15th of January, up in Dundee, Scotland. The talk is aimed at people who are interested in cryptography from a practical perspective, but are put off by the slew of hieroglyphs and maths-speak that tends to plague the field. The talk is entitled “Breaking… Read More Talking about crypto at Securi-Tay 2014 (Dundee, Scotland)
In my previous post I talked about a vulnerability in Steam which allows you to bypass UAC. I’m going to be totally transparent here: I fucked up. I wrote the draft post a few days back, then did some more work on the vulnerability. I discovered something much more serious in the process. I posted… Read More Steam Code Execution – Privilege Escalation to SYSTEM (Part 2)
Like many other gamers, I love Steam. Not only is it ridiculously convenient, but it’s also become a pretty awesome platform for indie game developers to get their games out there. It provides a online store platform for 54 million users, and most of the time it does an excellent job. That’s partly the reason… Read More Steam UAC bypass via code execution