Andrea Monzani

Results 5 issues of Andrea Monzani

While parsing some fibratus _http output_, I noticed that in the raw UTF-8 there were some unexpected sequences, for example `0x30` followed by a `0x90`. I never used Go, but...

scope: transformers

Hi everyone, we've encountered a problem while performing some tests with the drakvuf-sandbox. In our case, `injector` seems to be randomly hanging for an undefined amount of time ....

Added version 1.0.3 of Truesight.sys, used by `9830c640ba209cf06d090e84770acf84460f932522800a9ed31196d1d744eea8` to terminate Defender

Added new versions for
- IObitUnlocker, used by `64030dbd5a77510a00d33ea4e5d9f4d11643f77686b7100b5e98ffff1938bdf3` to terminate Defender
- Zemana, used by `60483e8755a4d977de3c93189dfcd29bb9519d3813602797469751b0dad39fc7` to terminate Defender
- TfSysMon, used by `6cc73c52156f1c7ecd36951aaeb146ce5e690afd62214c5e4bedb328e859d013` to terminate Defender

#106 Termdd.sys can be abused to disable Code Integrity and load unsigned drivers. See also https://kat.lua.cz/posts/Some_fun_with_vintage_bugs_and_driver_signing_enforcement/