Nathan Blondel
slowerzs.net
Think HVCI and kCET mean the end of kernel code execution? I wrote a blog post exploring an alternative way to execute a kernel payload! :)
blog.slowerzs.net/posts/keyjum...
Code reuse in the age of kCET and HVCI
blog.slowerzs.net
March 29, 2025 at 8:36 AM
Ever wondered how CryptProtectMemory with the CRYPTPROTECTMEMORY_SAME_PROCESS flag worked, or if encrypted blobs could be decrypted without code injection? I wrote a blog post about it: blog.slowerzs.net/posts/cryptd...
Decrypting CryptProtectMemory without code injection
blog.slowerzs.net
December 5, 2024 at 5:59 PM