Bill Demirkapi - Bill Demirkapi's Blog

Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations

Note: Another researcher recently tweeted about the technique discussed in this blog post, this is addressed in the last section of the blog (warning, spoilers!). To access information about a running process, developers generally have to open a handle to the process through the OpenProcess API specifying a combination of

Insecure by Design

Insecure by Design, Epic Games Peer-to-Peer Multiplayer Service

The opinions expressed in this publication are those of the authors. They do not reflect the opinions or views of my employer. All research was conducted independently. As someone who enjoys games that involve logistics, a recently-released game caught my eye. That game was Satisfactory, which is all about building

Security Research

Defeating Macro Document Static Analysis with Pictures of My Cat

Over the past few weeks I've spent some time learning Visual Basic for Applications (VBA), specifically for creating malicious Word documents to act as an initial stager. When taking operational security into consideration and brainstorming ways of evading macro detection, I had the question, how does anti-virus detect a malicious

Security Research

How to use Trend Micro's Rootkit Remover to Install a Rootkit

The opinions expressed in this publication are those of the authors. They do not reflect the opinions or views of my employer. All research was conducted independently. For a recent project, I had to do research into methods rootkits are detected and the most effective measures to catch them when

Security Research

Several Critical Vulnerabilities on most HP machines running Windows

I always have considered bloatware a unique attack surface. Instead of the vulnerability being introduced by the operating system, it is introduced by the manufacturer that you bought your machine from. More tech-savvy folk might take the initiative and remove the annoying software that came with their machine, but will

Insecure by Design

Insecure by Design, Weaponizing Windows against User-Mode Anti-Cheats

The market for cheating in video games has grown year after year, incentivizing game developers to implement stronger anti-cheat solutions. A significant amount of game companies have taken a rather questionable route, implementing more and more invasive anti-cheat solutions in a desperate attempt to combat cheaters, still ending up with

Security Research

Local Privilege Escalation on Dell machines running Windows

In May, I published a blog post detailing a Remote Code Execution vulnerability in Dell SupportAssist. Since then, my research has continued and I have been finding more and more vulnerabilities. I strongly suggest that you read my previous blog post, not only because it provides a solid conceptual understanding

Security Research

Remote Code Execution on most Dell computers

What computer do you use? Who made it? Have you ever thought about what came with your computer? When we think of Remote Code Execution (RCE) vulnerabilities in mass, we might think of vulnerabilities in the operating system, but another attack vector to consider is "What third-party software came with

Security Research

Hacking College Admissions

Getting into college is one of the more stressful time of a high school student's life. Since the admissions process can be quite subjective, students have to consider a variety of factors to convince the admissions officers that "they're the one". Some families do as much as they can to

Security Research

Reversing the CyberPatriot National Competition Scoring Engine

Edit 4/12/2019Originally, I published this post a month ago. After my post, I received a kind email from one of the primary developers for CyberPatriot asking that I take my post down until they can change their encryption algorithm. Given that the national competition for CyberPatriot XI was

Security Research

Reading Physical Memory using Carbon Black's Endpoint driver

Enterprises rely on endpoint security software in order to secure machines that have access to the enterprise network. Usually considered the next step in the evolution of anti-virus solutions, endpoint protection software can protect against various attacks such as an employee running a Microsoft Word document with macros and other