OSEE Certification Review  [Pinned]

“The OSEE is the most difficult exploit development certification you can earn.” (OffSec). To attempt the 72-hour exam you must have physically attended the demanding EXP-401: Advanced Windows Exploitation (AWE) course, which has limited seats available. At the time of writing it is estimated that there are only around 100 OSEEs in the world, even though the course has been taught since 2011. ...

June 16, 2023 · 9 min · Gerr.re

Delaying Kernel Payloads by Hijacking KTIMERs & KDPCs (Part 2)

In this two-part blog post series we present KTIMER hijacking, a novel post-exploitation technique that delays the execution of kernel-mode payloads. In the first part we focussed on Windows 11 timer internals and deferred procedure calls and showed that we can hijack KTIMER and KDPC objects to delay the execution of a function pointer. This second part focusses on implementing these findings in a proof of concept, illustrating the delay in execution of a kernel-mode payload. ...

September 30, 2023 · 22 min · Gerr.re

Delaying Kernel Payloads by Hijacking KTIMERs & KDPCs (Part 1)

In this two-part blog post series we present KTIMER hijacking, a novel post-exploitation technique that delays the execution of kernel-mode payloads. This first part will focus on Windows 11 timer internals and deferred procedure calls and how we can hijack KTIMER and KDPC objects to delay the execution of a function pointer. The second part focusses on implementing these findings in a proof of concept, illustrating the delay in execution of a kernel-mode payload. ...

September 15, 2023 · 9 min · Gerr.re

Flare-On 9: 09_encryptor

Flare-On is an annual single-player reverse engineering CTF that represents the skills and challenges that the Mandiant FLARE team faces. The 8-12 challenges increase in difficulty and participants have about 6 weeks to complete them all in order to win a prize. ...

November 12, 2022 · 11 min · Gerr.re

CVE-2022-27438

Caphyon Ltd Advanced Installer 19.3 “CustomDetection” Update Check Remote Code Execution Vulnerability (PDF) ...

June 1, 2022 · 7 min · Gerr.re