Found a way to bypass (probably) Code Integrity in HVCI Enabled Environments Through State Confusion.
Check out the article:
https://github.com/usernameone101/Writeups/blob/main/Bypassing%20Code%20Integrity%20in%20HVCI%20Enabled%20Environments.pdf
Associate Vulnerability Specialist.
Always open for a chat about anything security related.
Particularly interested in, and will post about: Rust, NixOS, hypervisors/virtualization, and exploit development.
Race Condition In the SecureKernel.exe
Note: MSRC has already seen this and mentioned it didn't meet servicing requirements as it's not a full chain and thus not immediately weaponisable, but it's a very real bug, so sharing for community education.
Configuration Hijack Logic Bug in SMB lol. Some crazy bitwise math bypassed the requirement for privilege checks on IOCTL handles on srvnet.sys hahah.
Kernel Information Leak code bug writeup in VMBus.sys if you are interested.
GitHub: https://github.com/usernameone101/Writeups/blob/main/Kernel%20Information%20Leak%20in%20VMBUS.pdf
I found an Asynchronous Dangling Stack Pointer in Hyper-V VMBus.sys Driver.
**Edit**: I am still junior in my journey; I have only been looking into vuln/pentesting research over the last month or so, so if I have made any conceptual (or practical) errors, I would be truly appreciative to be corrected.
Check out the writeup: https://github.com/usernameone101/Writeups/blob/main/Asynchronous%20Dangling%20Stack%20Pointer%20in%20Windows%20VMBUS.SYS.pdf
Disclaimer: Given Microsoft explicitly states that Administrator to Kernel is the same security boundary, I deemed this bug safe to disclose as it does not cross any security boundaries. I tested this hypothesis, and it is a classic case of a UAF that is not weaponizable and thus serves as a good piece of research for the community.
I do pen testing in my day job and moved from an assessment/engineering background probably about 3 or so weeks ago.
I found (what I thought was an un-found 0-day) over Easter with some Windows exploit dev, and while it's a bummer that VulDB noted it was a collision/merged, I thought it was still worth sharing the writeup I did for it.
Understanding it's pretty basic Windows stuff, it was still a bit of fun that I found over Easter :)
GitHub link below ->
https://github.com/usernameone101/Writeups/blob/main/IObit%20Zero%20Day%20(Updated).pdf