Maxime Meignan
There seem to be some errors in the handling of account lockout thresholds.
* First, the variable `$SmallestLockoutThreshold` is defined as the minimum value of all account lockout thresholds (from...
In `--usermode` mode, we should implement this https://www.riskinsight-wavestone.com/en/2023/10/a-universal-edr-bypass-built-in-windows-10/ for both auditing the state of these flags for a target process (or all processes) and also for disabling it for the...
Currently, the Minifilter unhooking allows file operations to be carried on without being worried by the EDR. This means that after process dumping, the minidump file write on disk will...
https://windows-internals.com/kaslr-leaks-restriction/ : many userland APIs now restrict processes to access kernel addresses, in order not to break KASLR and make kernel exploits more complex. This does not affect processes with...
# A usability problem
Currently, while using EDRSandblast, if a specific driver is blocked at loading by the EDR or Microsoft's blacklist, the whole project needs to be recompiled by...
On x86 (32 bits mode), disassembling the opcodes 66 53 66 5B, Binary Ninja outputs the following disassembly:
```
00000000 6653 push bx {var_4}
00000002 665b pop bx
```
which...
ptrace syscall now handles the PTRACE_TRACEME request
* "Name" and "Address" are now 2 separate columns, for readability
* Double clicking on a row jumps to the typedef/enum/struct definition, or on the variable's address

Depends on https://github.com/binsync/libbs/pull/125...
### Description
Currently, the `Globals` panel does not allow to simply navigate to a Struct, Typedef, Enum definition or to a Global variable, which is quite problematic for usability. On...