tags:windowslpekernel original link: Smoke and Mirrors: Driver Signatures Are Optional newsletter link: exploits.club Weekly Newsletter 31
Exploits Club Summary:
@GabrielLandau’s talk from BlueHat IL 2024 was just released on YouTube, in which he discusses a “previously unnamed vulnerability class” in Windows. The talk starts by recapping some of the research Gabriel had previously done and presented at BlackHat, in which he could jump from Admin to Kernel due to false file immutability. In his new research, he takes roughly the same idea but can translate it to a different security check (security catalogs) and leverage it to load an unsigned driver from userspace.