let's start walk @CR3

Manu Rautela

Windows, Security, Debugging

parsing sysmon events using krabs etw

less than 1 minute read

TL;DR

building windows driver with cmake and wdk from cmdline

less than 1 minute read

TL;DR

understaning CVE-2014-4113 win32k vuln with windbg

12 minute read

TL;DR This is taken from the mwri labs doc in links below. The vulnerability is in the function win32k!xxxHandleMenuMessages. When it calls the functio...

Lost registers during kernel debugging Win7

less than 1 minute read

When kernel debugging an old target like Windows 7 after a long time using windbg. I noticed not being able to see the registers in register pane. That was k...

Manu Rautela

Recent Posts

parsing sysmon events using krabs etw

building windows driver with cmake and wdk from cmdline

understaning CVE-2014-4113 win32k vuln with windbg

Lost registers during kernel debugging Win7