{"version":1,"pages":[{"id":"SiajI8glUzS3SHHORuN0","title":"Kernel Cactus","pathname":"/kernelcactus","siteSpaceId":"sitesp_ZDRKE","description":"Combat in the kernel space - It’s Pointy and it HURTS!"},{"id":"8NOhUOqMpYEkJrCobwwq","title":"Old but Gold","pathname":"/kernelcactus/old-but-gold","siteSpaceId":"sitesp_ZDRKE","description":"Re-visiting - CVE-2021-21551"},{"id":"JT0k0h14vOtaTpSkboNw","title":"The Dell – Microsoft issue","pathname":"/kernelcactus/the-dell-microsoft-issue","siteSpaceId":"sitesp_ZDRKE","description":"Why vendors are the reason for both the vulnerability and the lack of thorough treatment"},{"id":"JBiYTBqw8z4IcWuEwIFn","title":"Getting Familiar with the Kernel","pathname":"/kernelcactus/getting-familiar-with-the-kernel","siteSpaceId":"sitesp_ZDRKE","description":"Deep dive into Important Kernel Structures and Attributes"},{"id":"cC6RQSmybp9CahOEbpYe","title":"Building Our Navigation System in the Kernel","pathname":"/kernelcactus/building-our-navigation-system-in-the-kernel","siteSpaceId":"sitesp_ZDRKE","description":"Automation is key."},{"id":"wQUhHeAQ2rVPYKM1aPPb","title":"Intro","pathname":"/kernelcactus/pocs/intro","siteSpaceId":"sitesp_ZDRKE","description":"Living off the Kernel – Creating Weapons out of knowledge","breadcrumbs":[{"label":"POCs "}]},{"id":"IxMBxVC65cKesorL9OlW","title":"Handle Elevation","pathname":"/kernelcactus/pocs/handle-elevation","siteSpaceId":"sitesp_ZDRKE","description":"ACL is an illusion","breadcrumbs":[{"label":"POCs "}]},{"id":"40X33rgukhMFAB2sRSLC","title":"Token Stealing","pathname":"/kernelcactus/pocs/token-stealing","siteSpaceId":"sitesp_ZDRKE","description":"It has been done before, but it’s worth covering in detail","breadcrumbs":[{"label":"POCs "}]},{"id":"xd2J4KfhkZbkK2unMqKr","title":"PPL Toggling","pathname":"/kernelcactus/pocs/ppl-toggling","siteSpaceId":"sitesp_ZDRKE","description":"Who will protect you now?","breadcrumbs":[{"label":"POCs "}]},{"id":"7rD9lhK4KM8f6EdQyqbX","title":"ETW Provider Toggling","pathname":"/kernelcactus/pocs/etw-provider-toggling","siteSpaceId":"sitesp_ZDRKE","description":"","breadcrumbs":[{"label":"POCs "}]},{"id":"tiOoKqOvi7c4ymdsZrXh","title":"Total Service Destruction","pathname":"/kernelcactus/pocs/total-service-destruction","siteSpaceId":"sitesp_ZDRKE","description":"Your service brings a process back to life? nvm...","breadcrumbs":[{"label":"POCs "}]},{"id":"etFJlARCokodw89381z1","title":"Thread Hijacking using _KTRAP_FRAME","pathname":"/kernelcactus/pocs/thread-hijacking-using-_ktrap_frame","siteSpaceId":"sitesp_ZDRKE","description":"Old Tricks New tools","breadcrumbs":[{"label":"POCs "}]},{"id":"EAtnyTZpZ1HR9Xcl6fkw","title":"The Low-Level Way","pathname":"/kernelcactus/mitigations/the-low-level-way","siteSpaceId":"sitesp_ZDRKE","description":"Driver Mitigation - MIOB","breadcrumbs":[{"label":"Mitigations"}]},{"id":"TvWtxduZo9QOkxpMRMbt","title":"User-Mode Hooking","pathname":"/kernelcactus/mitigations/user-mode-hooking","siteSpaceId":"sitesp_ZDRKE","description":"Why build more systems when most EDRs have hooking in place?","breadcrumbs":[{"label":"Mitigations"}]},{"id":"TStcA2Q0oM7X84P3ZwQo","title":"Symbolic Link racing","pathname":"/kernelcactus/mitigations/symbolic-link-racing","siteSpaceId":"sitesp_ZDRKE","description":"Don’t Open the Door to Vulnerable Drivers","breadcrumbs":[{"label":"Mitigations"}]}]}