Sec Note
UAC Bypass Chain Leading To Silent Elevation
👾 Presentation Video
Blog: https://binary-win.github.io/2025/08/22/UAC-Bypass.html
Analyzing Avast AV: Kernel Hooking and Driver Reverse Engineering
👾Presentation Video
Blog:
https://binary-win.github.io/2025/12/27/AVAST-Kernel-Hooks-and-AV-ANALYSIS.html
Analyzing CVE-2025-0287: From IOCTL Entry to Arbitrary Kernel Memory Write … in driver biontdrv.sys
By meisameb
Registry Writes Without Registry Callbacks
#EDR #Persistence
The Bypass
Placing a crafted NTUSER.MAN in C:\Users\<target>\ loads persistence keys into HKCU on next logon. The hive is loaded directly from disk without invoking registry APIs.
CmRegisterCallbackEx monitors registry operations. Hive loads are not registry operations. The callbacks are not invoked.
Filesystem events will trigger. Writing the file to the profile directory is visible to any EDR monitoring file operations. Registry-focused detections remain blind.
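A defender-side check for the blind spot described in this post, added here as an example and not part of the original post: it scans constructed Sysmon-style FileCreate (Event ID 11) records and flags any NTUSER.MAN written directly into a profile root, the file-system event the post says stays visible while registry callbacks stay silent. The record format and sample lines are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Sysmon-style FileCreate records, constructed for this example (not real telemetry).
SAMPLE_EVENTS = [
    "EventID=11 Image=C:\\Windows\\explorer.exe TargetFilename=C:\\Users\\alice\\Documents\\notes.txt",
    "EventID=11 Image=C:\\Temp\\stage.exe TargetFilename=C:\\Users\\alice\\NTUSER.MAN",
    "EventID=11 Image=C:\\Windows\\System32\\svchost.exe TargetFilename=C:\\Users\\bob\\ntuser.dat",
    "EventID=11 Image=C:\\Temp\\stage.exe TargetFilename=C:\\Users\\bob\\AppData\\Local\\NTUSER.MAN",
    "EventID=11 Image=C:\\Temp\\stage.exe TargetFilename=d:\\users\\carol\\ntuser.man",
]

# Only NTUSER.MAN sitting directly in a profile root is picked up as the mandatory hive
# at logon; the same file name deeper in the tree is ignored, so it is not flagged.
PROFILE_ROOT_HIVE = re.compile(
    r"^[a-z]:\\users\\(?P<user>[^\\]+)\\ntuser\.man$", re.IGNORECASE
)

# key=value pairs; the constructed records contain no spaces inside values.
FIELD = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class HiveWriteAlert:
    user: str   # profile whose HKCU would be replaced at next logon
    path: str   # full path of the dropped hive
    image: str  # process that wrote it


def parse_event(line: str) -> dict:
    """Split one 'key=value key=value' record into a dict."""
    return dict(FIELD.findall(line))


def find_mandatory_hive_writes(lines):
    """Return one alert per FileCreate that drops NTUSER.MAN into a profile root."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "11":
            continue
        match = PROFILE_ROOT_HIVE.match(ev.get("TargetFilename", ""))
        if match:
            alerts.append(HiveWriteAlert(match.group("user"), ev["TargetFilename"], ev.get("Image", "")))
    return alerts
```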