Hi everyone, I'm a newbie in Windows Security. I want to detect privilege escalation (UM or KM). Can anyone give me an idea of how to do it?
My solution is checking the process/thread privileges every time it calls a common API like CreateProcess, CreateFile, OpenProcess, ... by hooking. Is it possible?
I think Windows checks process permissions when it changes the resource; I think based on this I can scan in real time. Can someone please explain it to me or share any documentation that describes it?