0x12 Dark Development (@salsa12__)'s Twitter Profile
0x12 Dark Development

@salsa12__

Red Teamer focused on Malware Development

Academy: 0x12darkdev.net

GitHub: github.com/S12Cybersecuri…

Medium: medium.com/@s12deff

ID: 1497201686963707911

Link: https://0x12darkdev.net

Date: 25-02-2022 13:28:12

351 Tweets

147 Followers

60 Following


Reversing a Vulnerable Driver: Discovering a Process Termination Primitive

New Medium post, in this one see the reversing process of a vulnerable Windows kernel driver to understand how it can be abused to terminate arbitrary processes from kernel

medium.com/@s12deff/rever…

Just finished the PPL disable from R/W Kernel BYOVD 

Soon on Medium, what do you think?

Still need some help with PatchGuard. One dirty trick could be to disable PPL, do the malicious stuff, and then re-enable it right away

Abusing a vulnerable driver BYOVD to gain arbitrary kernel R/W and bypass PPL protection

New Medium post. In this one, we will explore a technique used in offensive security that allows us to bypass PPL by abusing a vulnerable driver with R/W kernel vuln

medium.com/@s12deff/abusi…

ActiveProcessLinks in EPROCESS Structure

New Medium post. In this article, I provide a clear explanation of the ActiveProcessLinks field within the EPROCESS structure

medium.com/@s12deff/activ…

Bypassing Code Integrity Using BYOVD for Kernel R/W Primitives

New Medium post, in this one we will explore a technique used in offsec that allows us to disable CI (Code Integrity “Policies”) by abusing a vulnerable driver with Kernel R/W vuln

medium.com/@s12deff/bypas…


Looking to collaborate with companies or individuals in pentesting. I can build custom agents, implants, and offensive tooling. Open to projects, let’s work together ;)


Persistence via Startup Directory

New Medium post. In this article, I’ll walk you through one of the most basic (yet still abused) techniques for achieving persistence in the offensive Windows security

medium.com/@s12deff/persi…

[+] Local Privilege Escalation Completed from Kernel R/W

If I have enough time, I’ll post it on Medium tomorrow ;)

🎶
youtube.com/watch?v=fFtvI0…