Hey there!

I’m Gerr.re, and I’m thrilled to welcome you to my blog, where I dive into the fascinating realms of Vulnerability Research, Exploit Development, Reverse Engineering, and OS Internals. It’s not just a blog; it’s a space where we explore the intricacies of these subjects together.

I genuinely hope that by the time you decide to click away, you’ll have discovered something new, something that sparks your curiosity or adds a valuable layer to your understanding. Thanks for joining me on this journey of exploration and learning.

Please feel free to reach out to me by DM on X or Discord if you have any questions, remarks or if you just want to chat.

Looking forward to sharing insights and discoveries with you!

Cheers,
Gerr.re

OSEE Certification Review^[Pinned]

“The OSEE is the most difficult exploit development certification you can earn.” (OffSec). To attempt the 72-hour exam you have to have physically attended the demanding EXP-401: Advanced Windows Exploitation (AWE) course that has limited seats available. At the time of writing it is estimated that there are only around 100 OSEEs in the world whilst the course is taught since 2011. ...

Delaying Kernel Payloads by Hijacking KTIMERs & KDPCs (Part 2)

In this two part blog post series we present KTIMER hijacking, a novel post-exploitation technique that delays the execution of kernel-mode payloads. In the first part whe focussed on Windows 11 timer internals and deferred procedure calls and showed that we can hijack KTIMER and KDCP objects to delay the execution of a function pointer. This second part focusses on implementing these findings in a proof of concept, illustrating the delay in execution of a kernel-mode payload. ...

Delaying Kernel Payloads by Hijacking KTIMERs & KDPCs (Part 1)

In this two part blog post series we present KTIMER hijacking, a novel post-exploitation technique that delays the execution of kernel-mode payloads. This first part will focus on Windows 11 timer internals and deferred procedure calls and how we can hijack KTIMER and KDCP objects to delay the execution of a function pointer. The second part focusses on implementing these findings in a proof of concept, illustrating the delay in execution of a kernel-mode payload. ...

Flare-On 9: 09_encryptor

Flare-On is an annual single player reverse engineering CTF that represents the skills and challenges that the Mandiant FLARE team faces. The 8-12 challenges increase in difficulty and participants have about 6 weeks to complete them all in order to win a prize. ...

CVE-2022-27438

Caphyon Ltd Advanced Installer 19.3 “CustomDetection” Update Check Remote Code Execution Vulnerability (PDF) ...