Monday, 26 October 2020

Creating your own Virtual Service Accounts

Following on from the previous blog post , if you can't map arbitrary SIDs to names to make displaying capabilities nicer what is the pu...
Saturday, 24 October 2020

Using LsaManageSidNameMapping to add a name to a SID.

I was digging into exactly how service SIDs are mapped back to a name when I came across the API  LsaLookupManageSidNameMapping . Unsurprisi...
Wednesday, 1 July 2020

Generating NDR Type Serializers for C#

As part of updating NtApiDotNet  to v1.1.28 I added support for Kerberos authentication tokens. To support this I needed to write the parsi...
Saturday, 23 May 2020

OBJ_DONT_REPARSE is (mostly) Useless.

Continuing a theme from the last blog post , I think it's great that the two additional OBJECT_ATTRIBUTE flags were documented as a wa...
Friday, 22 May 2020

Silent Exploit Mitigations for the 1%

With the accelerated release schedule of Windows 10 it's common for new features to be regularly introduced. This is especially true of ...
Wednesday, 20 May 2020

Writing Windows File System Drivers is Hard.

A tweet by @jonasLyk reminded me of a bug I found in NTFS a few months back, which I've verified still exists in Windows 10 2004. As f...
Thursday, 7 May 2020

Old .NET Vulnerability #5: Security Transparent Compiled Expressions (CVE-2013-0073)

It's been a long time since I wrote a blog post about my old .NET vulnerabilities. I was playing around with some .NET code and found an...