Windows Driver Exploitation with Gdrv.sys

26 Oct, 2025 - 22 minutes
Background
At the end of 2024 I had wanted to learn more about Windows driver exploitation. I’ve spent a fair bit of time in Windows user-land, but not with the kernel. I haven’t looked at the Windows kernel much since I took the OSEE course. So I set a goal for myself this year to research a known-vulnerable Windows driver and craft a functional exploit. The goals of this project were to:

Freestream Max Investigation

2 Mar, 2024 - 17 minutes
Background
Someone I know once told me about a device they purchased at a county fair. It’s a small box that you plug into your TV and hook up to your Internet connection. It’s basically a digital content streaming box (like a Roku), except the seller claimed that you could get any movie or TV show you wanted for free. This supposedly included live television and films that were still in theaters.

CVE-2023-40477 Root Cause Analysis

14 Sep, 2023 - 23 minutes
CVE-2023-40477
I’ve recently been looking at N-day vulnerabilities in Windows software in an attempt to hone my reverse engineering and exploit development skills. Last month, I read about an interesting bug in WinRAR version 6.22 and below which could result in remote code execution. This bug was assigned CVE-2023-40477. It was discovered by Zero Day Initiative. When I started, all the information I had to go on came from the ZDI page:

Windows Patch Diffing with Ghidra and BinDiff

25 Aug, 2023 - 6 minutes
Intro
After recently finishing the Offensive Security OSEE exam, I wanted to start looking at some real-world vulnerabilities in Windows. I had hoped I might find a recently patched vulnerability with an available PoC that could simply trigger the bug. If a PoC wasn’t available, then maybe a blog post somewhere doing a root cause analysis so I could build my own PoC to trigger the bug, and then later attempt to weaponize it.

Advanced Windows Exploitation (OSEE) Course Review: Part 2

8 Jul, 2023 - 13 minutes
Updates
When I left off in my last post, I had only just started working on the OSEE course material at home by myself. Now a whopping nine months later, I’m finally done with the training. It’s been a long road and a lot of work, but it was worth it!
Best Laid Plans
My original plan when I got back from Blackhat and Defcon was to work on one module per month leading up to the exam.