2021-03-22 11:50   Speculating the entire x86-64 Instruction Set In Seconds with This One Weird Trick    #can.ac #安全文章 As cheesy as the title sounds, I promise it cannot beat the cheesiness of the technique I’ll b

2020-04-11 13:46   Writing an optimizing IL compiler, for dummies, by a dummy: 0x1 Symbolic Expressions    #can.ac #安全文章 Before I begin this series of blog posts, I would like to add a small disclaimer. I have no prior ex

2019-10-19 12:03   ByePg: Defeating Patchguard using Exception-hooking    #can.ac #安全文章 Now I know what you are thinking, exception hooks? …in kernel-mode? Yes, it is certainly is no

2018-05-11 22:19   Arbitrary Code Execution at Ring 0 using CVE-2018-8897    #can.ac #安全文章 Just a few days ago, a new vulnerability allowing an unprivileged user to run #DB handler with user-

2018-05-03 03:24   Making the Perfect Injector: Abusing Windows Address Sanitization and CoW    #can.ac #安全文章 By the end of this post, I aim to make an injector unlike any other: one that by design makes your D

2018-04-29 06:06   Escaping SMEP Hell: Exploiting Capcom Driver In a Safe Manner    #can.ac #安全文章 Trapped in a SMEP disabled payload not being able to do anything reliably? You have come to the righ

2018-04-26 08:59   Splitting Data from Code, Forgotten x86 Feature: Segmentation    #can.ac #安全文章 With the introduction of sTLB with Intel Nehalem, TLB splitting — once a reliable techniq