Found a way to bypass (probably) Code Integrity in HVCI Enabled Environments Through State Confusion.
Check out the article:
https://github.com/usernameone101/Writeups/blob/main/Bypassing%20Code%20Integrity%20in%20HVCI%20Enabled%20Environments.pdf
Associate Vulnerability Specialist.
Always open for a chat about anything security related.
Particularly interested in and will post about: Rust, NixOS, hypervisors/virtualization, and exploit development.
Race Condition In the SecureKernel.exe
Note: MSRC has already seen this and mentioned it didn't meet servicing requirements, as it's not a full chain and thus not immediately weaponisable, but it's a very real bug, so sharing for community education.
I found an Asynchronous Dangling Stack Pointer in Hyper-V VMBus.sys Driver.
**Edit** I am still junior in my journey; I have only been looking into vuln/pentesting research over the last month or so, so if I have made any conceptual (or practical) errors, I would be truly appreciative to be corrected.
Check out the writeup: https://github.com/usernameone101/Writeups/blob/main/Asynchronous%20Dangling%20Stack%20Pointer%20in%20Windows%20VMBUS.SYS.pdf
Disclaimer: Given Microsoft explicitly states that Administrator to Kernel are the same security boundary, I deemed this bug safe to disclose as it does not cross any security boundaries. I tested this hypothesis, and it is a classic case of a UAF that is not weaponizable and thus serves as a good piece of research for the community.
I do pen testing in my day job and moved from an assessment/engineering background probably about 3 or so weeks ago.
I found (what I thought was an un-found 0-day) over Easter with some Windows exploit dev, and while it's a bummer that VulDB noted it was a collision/merged, I thought it was still worth sharing the writeup I did for it.
Understanding it's pretty basic Windows stuff, it was still a bit of fun that I found over Easter :)
GitHub link below:
https://github.com/usernameone101/Writeups/blob/main/IObit%20Zero%20Day%20(Updated).pdf