CVE-2021-40449 win32kfull!GreResetDCInternal UAF Vulnerability
Issues encountered during the CVE-2021-40449 UAF research process.
The main content of this article is translated from: https://theevilbit.github.io/posts/a_simple_protection_against_hmvalidatehandle_technique/
Looking at win32k exploitation techniques in recent years, the HMValidateHandle technique is used almost everywhere. I had an idea about how to prevent this type of exploitation, and this article discusses it.
Malware and attackers commonly use scheduled tasks as their persistence mechanism.
From a threat detection perspective, understanding how scheduled tasks run and are created, as well as the processes associated with them, is essential.
Additionally, this article investigates and explores an undisclosed scheduled task hiding technique.
Learning stack overflow and shellcode through hands-on examples. (Notes from a long time ago — pretty outdated, take it or leave it.)
Process memory is like a palace in the dark — it’s hard to see what’s inside directly; you can only explore it corner by corner. This time I explore how C++ data structures are represented in memory, primarily summarized from ‘C++ Disassembly and Reverse Analysis’, with floating-point content from Chapter 2 of ‘Computer Systems: A Programmer’s Perspective’.
This is Challenge #9 “Nine-Layered Demonic Tower” from the Kanxue.TSRC 2017 CTF Autumn Competition: Challenge Link
MD5 of the exe file: b8b6bfe47a9c40117e2c6bbd5839f198