Olivia
Online
0Dr3f
@0Dr3f
Vulnerability Research & Exploit Development 💻
Joined September 2022
110 Following
419 Followers
46 Posts
Pinned Tweet
Created a blog post explaining physical memory primitives, how they can be exploited and how we can abuse the address translation mechanism to access any memory on a system as well as inject code into any process.
https://t.co/OHcTR1Ocvy
@yarden_shafir @33y0re Is there a reason they didn't include the 'normal' syscall table and just the win32k one? Or is this also in there.
@anio57208 Thanks!
Because I was looking for ways to find the system CR3, I started searching physical memory for the CR3 value on a debugger machine. Thats how I noticed this static value/offset. I have not taken the time to further figure out why it's there.
Created a blog post explaining physical memory primitives, how they can be exploited and how we can abuse the address translation mechanism to access any memory on a system as well as inject code into any process.
https://t.co/OHcTR1Ocvy
@chompie1337 Every exploit dev has once in their life lost some hairs over this. (Atleast I have)
@mrexodia @ptracesecurity Thanks
@sixtyvividtails The translation results in the PTE for VA 0 yes. But the PML4E of MmPteBase points to it's PML4 Table, thus is a self ref entry. You can literally see it in the debugger..
@sixtyvividtails In my post I'm referring to self reference entries and why the MmPteBase can be mapped the way it is. It actually points to a self reference entry. You're right no table is technically "skipped", PML4 just traverses twice. I'll change the wording to avoid confusion. Thanks!
Pew, just came back to work from the long journey.
Thanks everyone for making another great success on #Zer0Con2024! Wish you all safe travel back home and most importantly take a good rest!
We will be around at the @offensive_con, if you are there, let's grab a drink 🙌
I'll be over at #Zer0Con2024 the upcoming month. If anyone wants to talk windows kernel, security in general, or just hang out let me know!
@matterpreter So you're the reason why my report was a duplicate 🫠. Beat me to it by about a month, nice work!
Finally managed to retrieve all the flags and pass the #OSEE exam! Thanks @offsectraining, @Blomster81, and @_sickn3ss_ for this great learning opportunity and fun (but exhausting) exam!
@th31nitiate @offsectraining @Blomster81 @_sickn3ss_ There are certain challenges that allow you to earn a challenge coin. If you complete both, you get 2 :)
And that wraps up AWE from @offsectraining. Thanks @Blomster81 and @_sickn3ss_ for this amazing training. Time to continue this journey towards becoming an #OSEE.
Last Seen Users on Sotwe
ツ Noor - ام عمر Um Omar 
บอย หนุ่มเชียงใหม่ชายแท้รับงาน
Seen from Thailand
pecinta Tante toge
Seen from Indonesia
johncena
Seen from Indonesia
green apple
Seen from United States
ชอบสาวอ้วน+คับๆ
Seen from Thailand
𝔸𝕓𝕠𝕠𝕕🐰🤍.
türk ifşa paylaşım yerel
Seen from Turkey
dream chaser
pemuda pemburu ibu stw
Seen from Indonesia
Most Popular Users
Elon Musk
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
109.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.3M followers
Taylor Swift
@taylorswift13
81.1M followers
Lady Gaga
@ladygaga
72.7M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.4M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.1M followers
CNN
@cnn
61.9M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.4M followers