April 1, 2024 QA test — NEWS < 1 min read - Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec sagittis vestibulum congue. Vestibulum a nisi id erat hendrerit mattis quis non magna. Curabitur ante ipsum, venenatis sit amet imperdiet eget, ullamcorper eu erat.
October 10, 2023 Critically close to zero(day): Exploiting Microsoft Kernel streaming service 10 min read - Last month Microsoft patched a vulnerability in the Microsoft Kernel Streaming Server, a Windows kernel component used in the virtualization and sharing of camera devices. The vulnerability, CVE-2023-36802, allows a local attacker to escalate privileges to SYSTEM. This blog post details my process of exploring a new attack surface in the Windows kernel, finding a 0-day vulnerability, exploring an interesting bug class, and building a stable exploit. This post doesn’t require any specialized Windows kernel knowledge to follow along, though…