- Allocated Filter Altitudes - Windows drivers | Microsoft Learn
If you already have a Microsoft-assigned "integer" altitude, you can use it to create your own "fractional" altitude to place a new filter in the same load order group. If you don't have a Microsoft-assigned altitude in the appropriate load order group, you need to request one.
- Brokering File System (BFS) January 2025 Patch Analysis
The updates address different operating systems, with KB5050009 addressing Windows 11 Windows Server 2025 systems, whereas KB5049984 addresses Windows Server 2022, 23H2 Edition. These updates address two distinct Use After Free (UAF) vulnerabilities triggerable through race conditions.
- CVE-2025-62454: Patch Windows Cloud Files Mini Filter Driver EoP Now
The Windows Cloud Files Mini Filter Driver (commonly cldflt.sys, cloud files filter family) implements the kernel‑side plumbing that makes cloud‑backed placeholder files behave like local files.
- Understanding Mini-Filter Drivers for Windows Vulnerability Research . . .
Basically, Mini-Filter Drivers are one of the components of modern Windows file system architecture. They provide a way for developers to monitor and modify file system operations without
- Brokering File System (bfs) Service Defaults in Windows 11
In Windows 11 it starts automatically during the operating system startup. If Brokering File System fails to start, the failure details will be recorded into Event Log.
- Hunting for Bugs in Windows Mini-Filter Drivers - Project Zero
These 4 issues were 3 local privilege escalations and a security feature bypass, and they were all present in Windows file system filter drivers. I’ve found a number of issues in filter drivers previously, including 6 in the LUAFV driver which implements UAC file virtualization.
- Exploiting Reversing (ER) series: Article 01 | Windows kernel drivers . . .
Welcome to the first article of Exploiting Reversing (ER) series, a step-by-step vulnerability research series on Windows, macOS, hypervisors and browsers, where we will review concepts, architecture and practical steps related to vulnerability research
- Revisiting MiniFilter Abuse Techniques to Blind EDR | Penetration . . .
We've decided to explore these mitigations and attempt to bypass them. While testing Sysmon in our detection lab, I discovered that a MiniFilter driver, such as the Sysmon driver, can be abused to prevent EDR drivers from loading. This effectively blinds the telemetry by blocking kernel callbacks.