Vexillium - j00ru.vexillium.org - j00ru//vx tech blog
General Information:
Latest News:
Black Hat USA 2013, Bochspwn, slides and pointers 14 Aug 2013 | 04:17 am
(Collaborative post by Mateusz “j00ru” Jurczyk and Gynvael Coldwind) Two weeks ago (we’re running late, sorry!) Gynvael and I had the pleasure to attend one of the largest, most technical and renowne...
Approaching BlackHat US 2013 and new Dragon Sector blog 24 Jul 2013 | 08:04 pm
This is a quick reminder that Gynvael and I are going to attend BlackHat US 2013 in Las Vegas next week with the “Bochspwn: Identifying 0-days via System-Wide Memory Access Pattern Analysis” presentat...
Changing the cursor shape in Windows proven difficult by NVIDIA (and AMD) 1 Jul 2013 | 05:22 pm
If you work in the software engineering or information security field, you should be familiar with all sorts of software bugs – the functional and logical ones, those found during the development and ...
Kernel double-fetch race condition exploitation on x86 – further thoughts 17 Jun 2013 | 05:04 pm
(Collaborative post by Mateusz “j00ru” Jurczyk and Gynvael Coldwind) It was six weeks ago when we first introduced our effort to locate and eliminate the so-called double fetch (e.g. time-of-check-to...
CONFidence 2013 and the x86 quirks 2 Jun 2013 | 06:52 pm
Another week, another conference. Just a few days ago, Gynvael and I had the pleasure to attend and present at the CONFidence 2013 infosec conference traditionally held in Cracow, Poland. The event r...
NoSuchCon’13 and crashing Windows with two instructions 22 May 2013 | 06:57 am
The first edition of the NoSuchCon security conference held in Paris ended just a few days ago. Before anything else, I would like to thank all of the organizers (proudly listed at nosuchcon.org) for ...
SyScan 2013, Bochspwn paper and slides 2 May 2013 | 11:53 pm
(Collaborative post by Mateusz “j00ru” Jurczyk and Gynvael Coldwind) A few days ago we (Gynvael and I) gave a talk during the SyScan’13 conference in the fine city of Singapore, and as promised (thou...
A story of win32k!cCapString, or unicode strings gone bad 16 Apr 2013 | 07:24 pm
In the most recent blog post (“Fun facts: Windows kernel and guard pages”), we have learned how the code coverage of kernel routines referencing user-mode memory can be determined by taking advantage ...
Fun facts: Windows kernel and guard pages 13 Apr 2013 | 06:36 am
It has been a while since I last posted here, so I guess it’s high time to get back to work and share some more interesting Windows kernel internals goodies. Before we get to that, however, let’s star...
PDF Fuzzing Fun Continued: Status Update 9 Jan 2013 | 05:54 am
(Collaborative post by Mateusz “j00ru” Jurczyk and Gynvael Coldwind) Almost five months ago, Gynvael Coldwind and I wrote about an effort to improve the security of popular PDF parsing and rendering ...
