Henrik Falk January 16, 2025
WorstFit: Unveiling Hidden Transformers in Windows ANSI!
The research unveils a new attack surface in Windows by exploiting Best-Fit, an internal charset conversion feature. Through our work, we successfully transformed this feature into several practical attacks, including Path Traversal, Argument Injection, and even RCE, affecting numerous well-known applications! Given that the root cause spans compiler behavior, C/C++ runtime and developer’s mistakes, we also discussed the challenges of pushing fixes within the open-source ecosystem.
blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi
Command Line Underdog: WMIC in Action
My typical engagements are mostly Red Teams, so I do not often get a chance to play with terminal server application breakouts - but on a recent engagement, I did. For me, it was a great refresher on typical things to do after you have escaped the intended application and want to get more code execution.
trustedsec.com/blog/command-line-underdog-wmic-in-action
The Art of Linux Kernel Rootkits
An advanced and deep introduction about Linux kernel mode rookits, how to detect, what are hooks and how it works.
inferi.club/post/the-art-of-linux-kernel-rootkits
