Monday, 26 October 2020
Creating your own Virtual Service Accounts
Following on from the previous blog post, if you can't map arbitrary SIDs to names to make displaying capabilities nicer what is the pu...
Saturday, 24 October 2020
Using LsaManageSidNameMapping to add a name to a SID.
I was digging into exactly how service SIDs are mapped back to a name when I came across the API LsaLookupManageSidNameMapping. Unsurprisi...
Wednesday, 1 July 2020
Generating NDR Type Serializers for C#
As part of updating NtApiDotNet to v1.1.28 I added support for Kerberos authentication tokens. To support this I needed to write the parsi...
Saturday, 23 May 2020
OBJ_DONT_REPARSE is (mostly) Useless.
Continuing a theme from the last blog post, I think it's great that the two additional OBJECT_ATTRIBUTE flags were documented as a wa...
Friday, 22 May 2020
Silent Exploit Mitigations for the 1%
With the accelerated release schedule of Windows 10 it's common for new features to be regularly introduced. This is especially true of ...
Wednesday, 20 May 2020
Writing Windows File System Drivers is Hard.
A tweet by @jonasLyk reminded me of a bug I found in NTFS a few months back, which I've verified still exists in Windows 10 2004. As f...
Thursday, 7 May 2020
Old .NET Vulnerability #5: Security Transparent Compiled Expressions (CVE-2013-0073)
It's been a long time since I wrote a blog post about my old .NET vulnerabilities. I was playing around with some .NET code and found an...