Defense-In-Depth write-up

TL;DR .BGI files can be sent on mail as attachment and can execute code when opened.Requires that BGinfo.exe has been run on the remote machine once. It will also bypass Outlook attachment protection (Fixed with Defense-in-depth patch from September 2017). PowerShell functions to generate BGI and VBSWebMeter here:     I was acknowledged on … Continue reading Defense-In-Depth write-up

Bypassing Device guard UMCI using CHM – CVE-2017-8625

TL;DR You could/can bypass Device Guard user mode code integrity with a custom CHM and execute code.   The last 6 months I have done some security research on my (little) spare time, because I find that very interesting. During this time, I was lucky enough to find another valid Device Guard UMCI bypass (I … Continue reading Bypassing Device guard UMCI using CHM – CVE-2017-8625