Kaspersky Hooking Engine Analysis

In this article we will talk about a few hooking techniques used by antivirus software. For the purpose of this analysis the antivirus chosen will be Kaspersky (http://www.kaspersky.com/it/trials PURE 3.0 Total Security), we will deal with various hooking techniques used both at user and kernel mode. The reference operating system will be Windows 7 Professional 32-bit. The image below shows […]

CVE-2013-1763 sock_diag_handlers Local Root Exploit Analysis

In this article we will analyze the exploit released by Kacper Szczesniak for CVE -2013-1763. In simple terms this exploit takes advantage of a vulnerability at kernel-level of the array sock_diag_handlers, and allows a local user to gain privileges of “root” on the system. Before starting the analysis, however, the underlying concept should be clarified: in Linux systems, […]