Windows
Targeting Windows Systems
- A Tale of Two CatchPulse Antivirus Exploits
What happens when your antivirus becomes the easiest way to compromise your system? In this post, I uncover two zero-day vulnerabilities in the CatchPulse driver that allow an attacker to bypass weak process “authentication,” abuse privileged file operations to dump sensitive data like password hashes, and ultimately trigger a kernel heap overflow for arbitrary read/write…
- Zero-Day Breakdown: RevoUninstaller Heap Overflow Exploit
Exploiting a RevoUninstaller zero-day to achieve local privilege escalation: from a Windows driver heap overflow to full system access.

