Callbacks Initialization & Identifying in Windows Kernel and Remove Callbacks with Windbg
When discussing callbacks, most people often think of EDRs (Endpoint Detection and Response systems). There are numerous methods available for identifying callbacks in research environments. One such method was addressed by...
Security of Handles & Misuse of DuplicateHandle
While writing practice code for a driver in Windows, I discovered a security issue: it seemed there was a flaw in the DuplicateHandle function. I started investigating this issue and...