Windows Exploitation Tricks: Abusing the User-Mode Debugger

>Windows Exploitation Tricks: Abusing the User-Mode Debugger

...and...

>Nothing I’ve described here is a security vulnerability, but the behavior is interesting and it’s worth looking out for cases where it could be used.

Maybe I'm misunderstanding this newfangled internets but isn't exploitation generally synonymous with security vulnerability?

JFYI, for anyone who's interested, the equivalent debugging API methods in .NET could be found in ClrMd[0] but it's as unyielding a beast as the native methods.

[0] - https://github.com/microsoft/clrmd

XMPPwocky 6 years ago | |

A vulnerability is "this function will write 8 bytes of arbitrary data out of bounds in an edge case". Exploitation is the process of using that vulnerability to, typically, cause the process to execute attacker-controlled code.

Something can make exploitation easier without being a vulnerability. For example, disabling exploit mitigations like ASLR does this.

peter_d_sherman 6 years ago |

User mode debugging is an area that any present or future OS designer should be concerned about getting right in terms of debugging features vs. security implications...

tomglynch 6 years ago |

Why is project zero hosted on blogspot?

Larrikin 6 years ago | |

Google owns it.

tomglynch 6 years ago | | |

They don't host their 'cloud' blog on blogspot: https://cloud.google.com/blog/topics/inside-google-cloud/an-...

So why project zero?

babuskov 6 years ago | | |

It was probably the easiest route. Instead of setting up a special website for it, they just made a blog with a couple of clicks. Project zero goes back to 2014. Perhaps the infrastructure wasn't there, or it started as a small pilot project.

mehrdadn 6 years ago | | |

Confused, why is this a big deal? It seems like such a minor thing.

AstralStorm 6 years ago | | |

They probably do host Blogspot on their cloud though.

la_barba 6 years ago | |

Maybe now Google wont kill that service if their employees rely on it.. :P