HackerTrans
TopNewTrendsCommentsPastAskShowJobs

musjleman

no profile record

comments

musjleman
·9 mesi fa·discuss
Why is this AI slop here? The "author" deleted his twitter account and added the disclaimer at the top of this post that it's all written by AI and he's not an actual "programmer or reverse engineer".

The fact that nonsense like this gets likes amazes me. You take an emulator, you know a thing whose entire purpose is to evaluate instructions without actually executing them, "bypass" something with overcomplicated and unnecessary hardware breakpoints usage (what exactly is the point of not just catching the access violation instead? Or why do you need to cause an exception at all to emulate the instructions?) and release it with some awful POC that's also AI generated.
musjleman
·9 mesi fa·discuss
An interpreter for a machine language is usually just called an emulator.
musjleman
·10 mesi fa·discuss
I'm pretty sure it's just a small mistake in the article on the exact syscall used to query the token information.

Checked a kernel from November 2024 vs a current one and from I can tell, this used to be the actual mechanism the exploit worked:

  Thread #1 looping
    NtQueryInformationToken(TokenAccessInformation, InfoBuffer);
  
  Thread #2 looping
    Ptr = *(InfoBuffer + SidHashOffset);
    if (IsValidCanonicalKernelPtr(Ptr))
      done