stark0de

Daniel Monzón - stark0de

Security research, red teaming and pentesting

Latest Research

How to Accidentally Crash Windows Defender (and Explorer.exe) - Research Summary

Background: Protected Processes in Windows

Windows implements a security mechanism called “Protected Processes” that prevents even administrator-level users from tampering with critical system processes. Many system processes, antivirus solutions, and EDRs use this protection level, including Windows Defender.

Understanding Process Access Rights

When attempting to open a handle to a process using the OpenProcess Windows API function, different access rights can be requested. For protected processes, most access rights are denied by default, even with administrator privileges.

Read more →

Pwning rConfig: Multiple Vulnerabilities and RCE Chains

Arbitrary File Deletion:

Location: /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php

This vulnerability allows deletion of any file by specifying:

  • The file path using the path parameter
  • The file extension using the ext parameter

File deletion request

File deletion confirmation

Read more →