Windows X64 on

Copy, Paste, Exploit: Buffer Overflow in EduGrade Import Engine

Wed, 18 Sep 2024 00:00:00 +0000

4. Buffer Overflow in EduGrade Import Engine (x64)
#

Platform: Windows 10 x64
Target: EduGrade Desktop (Import Engine Parser)
Discovered: August 2024
Status: Local Privilege Escalation (unpatched)
CVSS (Est.): 7.6 – Local overflow leads to code execution

Strings Unleashed: Unsafe Length Handling in BookPro Reader

Sat, 22 Jun 2024 00:00:00 +0000

3. Unsafe Length Handling in BookPro Reader (x64)
#

Platform: Windows 10 x64
Target: BookPro Reader (EPUB/ZIP Parser)
Discovered: May 2024
Status: Unreported – no known disclosure policy
CVSS (Est.): 8.1 (High) – Stack corruption via overlong metadata entry

Racing the Kernel: Use-After-Free in SnapBackup.sys

Sat, 02 Dec 2023 00:00:00 +0000

Prologue — Ring-0 and the Need for Speed
#

Most people ignore backup software. I don’t. Especially when it’s running in the kernel and handling file operations with zero context verification.

Stacking Bytes: Heap Overflow in PrintSecure’s Spooler

Mon, 06 Nov 2023 00:00:00 +0000

Prologue — Midnight Layers & Metadata Games
#

I’d been reverse engineering some internal RPC routines on a lightly documented print management service—PrintSecure, used across several enterprise Windows Server 2019 deployments. The kind of service that hums quietly in the background, doing menial job routing, completely overlooked. That’s usually a good place to find something sharp.

Overflowing Authority: Stack Smash in LocalAdminTool.exe

Mon, 02 Oct 2023 00:00:00 +0000

Prologue — Pipes, Stacks, and Hidden Elevation
#

I was digging around Windows 10 utilities installed on a workstation used for internal admin scripting. One tool stood out — LocalAdminTool.exe. It used a named pipe to receive commands, and the binary hadn’t seen a patch in years.

Signed to Compromise: Kernel Overflow in XLogDriver.sys

Sat, 10 Jun 2023 00:00:00 +0000

Signed Driver Exploit in XLogDriver.sys (x64 Kernel)
#

Prologue: A Signed Invitation to Ring-0
#

This one hit different. I was sifting through a bunch of random vendor drivers, most of them dusty utilities for things like USB logs and peripheral diagnostics. Nothing fancy. But one caught my eye: XLogDriver.sys.

Signed Once, Loaded Twice: Plugin Signature Bypass in CodeWorks IDE

Tue, 11 Apr 2023 00:00:00 +0000

Signature Bypass in CodeWorks IDE Plugin Loader
#

Prologue: Not All Checks Are Made Equal
#

It started with curiosity, like it usually does. I wasn’t even targeting CodeWorks specifically. I was just bouncing around dev tools I had lying around — checking how they loaded plugins, how they validated them, and if they did anything… out of order.

Windows X64 on

Copy, Paste, Exploit: Buffer Overflow in EduGrade Import Engine

4. Buffer Overflow in EduGrade Import Engine (x64) #

Strings Unleashed: Unsafe Length Handling in BookPro Reader

3. Unsafe Length Handling in BookPro Reader (x64) #

Racing the Kernel: Use-After-Free in SnapBackup.sys

Prologue — Ring-0 and the Need for Speed #

Stacking Bytes: Heap Overflow in PrintSecure’s Spooler

Prologue — Midnight Layers & Metadata Games #