Security Researchers: Connor McGarr

Analysis of NT, Secure Kernel, and SKCI working together to create the initial SECURE_IMAGE object

Dealing with Virtualization-Based Security (VBS), Hypervisor-Protected Code Integrity (HVCI), and Kernel Control Flow Guard (kCFG).

Porting part 2's ChakraCore exploit to Microsoft Edge while defeating ASLR, DEP, CFG, ACG, CIG, and other mitigations.

Leveraging ChakraCore to convert our denial-of-service from part 1 into a read/write primtive and functioning exploit.

End-to-end 'modern' browser exploitation on Windows beginning with configuring a browser exploitation environment, exploring JavaScript intrinsics, and understanding type confusion vulnerabilities.

Examining recent changes to a highly-abused static structure, KUSER_SHARED_DATA, and its exploitation impact.

Combining part 1's information leak vulnerability with a pool overflow vulnerability to obtain code execution via grooming the kLFH

Leveraging the HackSysExtreme Vulnerable Driver to understand the Windows kernel pool, the impacts of kLFH, and bypassing kASLR from low integrity via out-of-bounds read vulnerabilities.

Analysis and writeup on weaponizing CVE-2021-21551 without a data-only attack and the importance of Virtualization-Based Security, Hypervisor-Protected Code Integrity, Kernel Control-Flow Guard, and other modern mitigations.

Documenting my journey from ground 0 to (hopefully) more modern browser exploitation.