Fuzzing GoldSrc: Weaponizing Network Packets for RCE in Counter-Strike 1.6
How I used the WTF fuzzing framework to find bugs in the GoldSrc engine and exploit a stack buffer overflow for RCE in Counter-Strike 1.6.
Performance over security: Speculative execution vulnerabilities (Spectre & Meltdown)
A deep dive into Spectre and Meltdown, two hardware-level vulnerabilities that traded security for performance.
Elysium - UEFI Bootkit Framework that attacks boot-time Code Integrity
Deep dive into attacking the winload Code Integrity and revealing new techniques
DSEclipse - Story behind bootkit that bypasses DSE in under 1 KB
Analysing my ASM Bootkit that patches DSE at boot allowing to load unsigned drivers
Analysing Insomnia - Bootkit that infects kernel with backdoor
Analysing first bootkit that abuses SSDT hooking to infects kernel with backdoor
Analysing Calypso - UEFI Windows Bootkit
Analysing my UEFI Bootkit with usermode communication
Discovering a zero-day vulnerability in the Argus Monitor driver
Bypassing security mechanisms to exploit an arbitrary physical memory read vulnerability in a temperature monitoring software driver.