Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Dell is a brand of computer used across the world. The author audited the Dell firmware update driver ( dbutil_2_3.sys) and found several vulnerabilities in it.

The first (and most obvious) issue is that the driver accepts IOCTL (input/output control) requests without any ACL requirements. This means that the driver can be hit by any user on the system to call the functionality of the driver. By calling a driver that takes in pointers for a call to memmove an arbitrary read/write vulnerability has been given to the user. Damn!

An additional vulnerability is direct access to IN/OUT calls in kernel mode. Using these instructions, it is possible to interact with the HDD and GPU with DMA operations. Direct Memory Access (DMA) operations from userspace is 100% game over, as it can be used to bypasses all security mechanisms the OS has put in place.

The main issue is that the driver does not require any permissions to run, allows any user to kernel instantly. However, these other issues could be exploited by an administrator to get kernel access, which is still a valid concern.

These bugs sat around for 12+ years without anybody discovering them. Sometimes, the best research is just finding the right target. Good research here!