A Dell: CVE-2021-21551

Earlier this month, a post written by SentinelLabs came about notifying of a Dell driver having multiple vulnerabilities. Vulnerabilities in third party drivers always get exciting because of all the evil stuff one can cause with it and to top that, no exploitation is needed and you can still get the same outcome! The Vulnerability […]

Read more >

A Look at CVE-2020-17087

Or how I failed at exploitation but mitigated it instead… On Thursday, October 22, 2020, an interesting issue was posted on bugs.chromium.org titled “Issue 2104: Windows Kernel cng.sys pool-based buffer overflow”. There was an issue in CNG.sys, the Windows driver for Cryptography API: Next Generation, where IOCTL 0x390400 led to a function that was vulnerable […]

Read more >