secret club | We Break Software

EDK2

May 26, 2020 Introduction to UEFI: Part 1
shatter, Mattiwatti in UEFI, EFI, EDK2

EFI

May 26, 2020 Introduction to UEFI: Part 1
shatter, Mattiwatti in UEFI, EFI, EDK2

PE

Jun 5, 2023 Abusing undocumented features to spoof PE section headers
x86matthew in windows, PE

UEFI

Aug 29, 2022 Bootkitting Windows Sandbox
mrexodia, sdoogm in windows, UEFI, bootkit
May 26, 2020 Introduction to UEFI: Part 1
shatter, Mattiwatti in UEFI, EFI, EDK2

anti-cheats

Jan 12, 2021 Hiding execution of unsigned code in system threads
drew in kernel, windows, anti-cheats
Jul 6, 2020 BattlEye client emulation
vmcall in battleye, reverse-engineering, anti-cheats
Jun 19, 2020 Cracking BattlEye packet encryption
yousif, namazso, DefCon42, can1357 in battleye, reverse-engineering, anti-cheats, cryptography, eft
Apr 17, 2020 Why anti-cheat software utilize kernel drivers
vmcall in anti-cheats
Apr 16, 2020 How Escape from Tarkov ensures game integrity
vmcall in battleye, reverse-engineering, anti-cheats
Apr 13, 2020 How anti-cheats detect system emulation
daax, iPower, ajkhoury, drew in anti-cheats, hypervisors, reverse-engineering, easy-anti-cheat, battleye
Apr 8, 2020 CVEAC-2020: Bypassing EasyAntiCheat integrity checks
iPower in easy-anti-cheat, anti-cheats
Mar 31, 2020 BattlEye reverse engineer tracking
vmcall in battleye, reverse-engineering, anti-cheats
Feb 26, 2020 Bypassing BattlEye from user-mode
yousif in battleye, reverse-engineering, anti-cheats
Jan 23, 2020 BattlEye communication hook
vmcall in battleye, reverse-engineering, anti-cheats
Jan 12, 2020 BattlEye hypervisor detection
vmcall, daax in battleye, reverse-engineering, anti-cheats
Jan 11, 2020 BattlEye single stepping
vmcall in battleye, reverse-engineering, anti-cheats
Jan 5, 2020 BattlEye stack walking
vmcall in battleye, reverse-engineering, anti-cheats
Jan 5, 2020 BattlEye shellcode updates
vmcall in battleye, reverse-engineering, anti-cheats
Feb 10, 2019 BattlEye anti-cheat: analysis and mitigation
vmcall in battleye, reverse-engineering, anti-cheats

anti-debug

May 23, 2021 Preventing memory inspection on Windows
jm in windows, anti-debug
Jan 20, 2021 Process on a diet: anti-debug using job objects
jm in windows, anti-debug

automation

Apr 3, 2021 How Runescape catches botters, and why they didn't catch me
vmcall in automation, reverse-engineering, game-hacking

battleye

Jul 6, 2020 BattlEye client emulation
vmcall in battleye, reverse-engineering, anti-cheats
Jun 19, 2020 Cracking BattlEye packet encryption
yousif, namazso, DefCon42, can1357 in battleye, reverse-engineering, anti-cheats, cryptography, eft
Apr 16, 2020 How Escape from Tarkov ensures game integrity
vmcall in battleye, reverse-engineering, anti-cheats
Apr 13, 2020 How anti-cheats detect system emulation
daax, iPower, ajkhoury, drew in anti-cheats, hypervisors, reverse-engineering, easy-anti-cheat, battleye
Mar 31, 2020 BattlEye reverse engineer tracking
vmcall in battleye, reverse-engineering, anti-cheats
Feb 26, 2020 Bypassing BattlEye from user-mode
yousif in battleye, reverse-engineering, anti-cheats
Jan 23, 2020 BattlEye communication hook
vmcall in battleye, reverse-engineering, anti-cheats
Jan 12, 2020 BattlEye hypervisor detection
vmcall, daax in battleye, reverse-engineering, anti-cheats
Jan 11, 2020 BattlEye single stepping
vmcall in battleye, reverse-engineering, anti-cheats
Jan 5, 2020 BattlEye stack walking
vmcall in battleye, reverse-engineering, anti-cheats
Jan 5, 2020 BattlEye shellcode updates
vmcall in battleye, reverse-engineering, anti-cheats
Feb 10, 2019 BattlEye anti-cheat: analysis and mitigation
vmcall in battleye, reverse-engineering, anti-cheats

binary-exploitation

May 11, 2022 Earn $200K by fuzzing for a weekend: Part 2
addison in binary-exploitation, fuzzing, bug bounty
May 13, 2021 Counter-Strike Global Offsets: reliable remote code execution
brymko, dezk, Simon Scannell in guest, source-engine, binary-exploitation, pwn
Apr 20, 2021 CVE-2021-30481: Source engine remote code execution via game invites
floesen in source-engine, binary-exploitation, pwn
Jan 14, 2021 Escaping VirtualBox 6.1: Part 1
Sauercl0ud, a2nkf, localo in guest, binary-exploitation, pwn, ctf
Oct 30, 2020 Wormable remote code execution in Alien Swarm
mev in binary-exploitation, pwn
May 5, 2020 Source Engine Memory Corruption via LUMP_PAKFILE
impost0r in source-engine, game-exploitation, binary-exploitation, memory-corruption, csgo

bootkit

Aug 29, 2022 Bootkitting Windows Sandbox
mrexodia, sdoogm in windows, UEFI, bootkit

bug bounty

May 11, 2022 Earn $200K by fuzzing for a weekend: Part 2
addison in binary-exploitation, fuzzing, bug bounty
May 11, 2022 Earn $200K by fuzzing for a weekend: Part 1
addison in fuzzing, bug bounty

burp-suite

Aug 14, 2020 Abusing MacOS Entitlements for code execution
impost0r in macos, gatekeeper, security-bypass, dropbox, visual-studio, burp-suite

cryptography

Jun 19, 2020 Cracking BattlEye packet encryption
yousif, namazso, DefCon42, can1357 in battleye, reverse-engineering, anti-cheats, cryptography, eft

csgo

May 5, 2020 Source Engine Memory Corruption via LUMP_PAKFILE
impost0r in source-engine, game-exploitation, binary-exploitation, memory-corruption, csgo

ctf

Jan 14, 2021 Escaping VirtualBox 6.1: Part 1
Sauercl0ud, a2nkf, localo in guest, binary-exploitation, pwn, ctf

debugging

Jan 4, 2021 New year, new anti-debug: Don't Thread On Me
jm in windows, debugging
Apr 10, 2020 Kernel debugging in seconds with Vagrant
invokestatic in windows, debugging, tooling, reverse-engineering

drm

Jun 28, 2021 Windows 11: TPMs and Digital Sovereignty
can1357, daax, everdox in windows, tpm, drm

dropbox

Aug 14, 2020 Abusing MacOS Entitlements for code execution
impost0r in macos, gatekeeper, security-bypass, dropbox, visual-studio, burp-suite

easy-anti-cheat

Apr 13, 2020 How anti-cheats detect system emulation
daax, iPower, ajkhoury, drew in anti-cheats, hypervisors, reverse-engineering, easy-anti-cheat, battleye
Apr 8, 2020 CVEAC-2020: Bypassing EasyAntiCheat integrity checks
iPower in easy-anti-cheat, anti-cheats

eft

Jun 19, 2020 Cracking BattlEye packet encryption
yousif, namazso, DefCon42, can1357 in battleye, reverse-engineering, anti-cheats, cryptography, eft

exploit

Jul 1, 2020 Windows Telemetry service elevation of privilege
Jonas L in exploit, pwn, windows
Apr 23, 2020 From directory deletion to SYSTEM shell
Jonas L in exploit, pwn, windows

fuzzing

Aug 23, 2024 Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 2)
addison in fuzzing
Jun 30, 2024 Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 1)
addison in fuzzing
May 11, 2022 Earn $200K by fuzzing for a weekend: Part 2
addison in binary-exploitation, fuzzing, bug bounty
May 11, 2022 Earn $200K by fuzzing for a weekend: Part 1
addison in fuzzing, bug bounty

game-exploitation

May 5, 2020 Source Engine Memory Corruption via LUMP_PAKFILE
impost0r in source-engine, game-exploitation, binary-exploitation, memory-corruption, csgo

game-hacking

Apr 3, 2021 How Runescape catches botters, and why they didn't catch me
vmcall in automation, reverse-engineering, game-hacking
Jan 24, 2019 Reverse engineering 'Black Desert Online' (2. Speed -> local entity)
vmcall in reverse-engineering, game-hacking
Jan 9, 2019 Reverse engineering 'Black Desert Online' (1. Preface)
vmcall in reverse-engineering, game-hacking

gatekeeper

Aug 14, 2020 Abusing MacOS Entitlements for code execution
impost0r in macos, gatekeeper, security-bypass, dropbox, visual-studio, burp-suite

guest

May 13, 2021 Counter-Strike Global Offsets: reliable remote code execution
brymko, dezk, Simon Scannell in guest, source-engine, binary-exploitation, pwn
Jan 14, 2021 Escaping VirtualBox 6.1: Part 1
Sauercl0ud, a2nkf, localo in guest, binary-exploitation, pwn, ctf

hypervisors

Apr 13, 2020 How anti-cheats detect system emulation
daax, iPower, ajkhoury, drew in anti-cheats, hypervisors, reverse-engineering, easy-anti-cheat, battleye

kernel

Jan 12, 2021 Hiding execution of unsigned code in system threads
drew in kernel, windows, anti-cheats

lifting

Sep 8, 2021 Tickling VMProtect with LLVM: Part 3
fvrmatteo in lifting, llvm, vmprotect
Sep 8, 2021 Tickling VMProtect with LLVM: Part 2
fvrmatteo in lifting, llvm, vmprotect
Sep 8, 2021 Tickling VMProtect with LLVM: Part 1
fvrmatteo in lifting, llvm, vmprotect

llvm

Oct 21, 2024 'Reflections on Trusting Trust', but completely by accident this time
duk in llvm
Dec 24, 2023 RISC-Y Business: Raging against the reduced machine
mrexodia, oopsmishap in obfuscation, windows, llvm
Sep 8, 2021 Tickling VMProtect with LLVM: Part 3
fvrmatteo in lifting, llvm, vmprotect
Sep 8, 2021 Tickling VMProtect with LLVM: Part 2
fvrmatteo in lifting, llvm, vmprotect
Sep 8, 2021 Tickling VMProtect with LLVM: Part 1
fvrmatteo in lifting, llvm, vmprotect
Apr 9, 2021 A look at LLVM - comparing clamp implementations
duk in llvm

macos

Aug 14, 2020 Abusing MacOS Entitlements for code execution
impost0r in macos, gatekeeper, security-bypass, dropbox, visual-studio, burp-suite

memory-corruption

May 5, 2020 Source Engine Memory Corruption via LUMP_PAKFILE
impost0r in source-engine, game-exploitation, binary-exploitation, memory-corruption, csgo

obfuscation

Dec 24, 2023 RISC-Y Business: Raging against the reduced machine
mrexodia, oopsmishap in obfuscation, windows, llvm
Aug 8, 2022 Improving MBA Deobfuscation using Equality Saturation
fvrmatteo, mrphrazer in synthesis, obfuscation

pwn

May 13, 2021 Counter-Strike Global Offsets: reliable remote code execution
brymko, dezk, Simon Scannell in guest, source-engine, binary-exploitation, pwn
Apr 20, 2021 CVE-2021-30481: Source engine remote code execution via game invites
floesen in source-engine, binary-exploitation, pwn
Jan 14, 2021 Escaping VirtualBox 6.1: Part 1
Sauercl0ud, a2nkf, localo in guest, binary-exploitation, pwn, ctf
Oct 30, 2020 Wormable remote code execution in Alien Swarm
mev in binary-exploitation, pwn
Jul 1, 2020 Windows Telemetry service elevation of privilege
Jonas L in exploit, pwn, windows
Apr 23, 2020 From directory deletion to SYSTEM shell
Jonas L in exploit, pwn, windows
Apr 15, 2020 SQL Injecting FlyFF MMO
qfrtt in pwn

reverse-engineering

Apr 3, 2021 How Runescape catches botters, and why they didn't catch me
vmcall in automation, reverse-engineering, game-hacking
Jul 6, 2020 BattlEye client emulation
vmcall in battleye, reverse-engineering, anti-cheats
Jun 19, 2020 Cracking BattlEye packet encryption
yousif, namazso, DefCon42, can1357 in battleye, reverse-engineering, anti-cheats, cryptography, eft
May 12, 2020 Abusing DComposition to render on external windows
yousif in windows, reverse-engineering
Apr 28, 2020 Why anti-cheats block overclocking tools
daax in windows, reverse-engineering
Apr 16, 2020 How Escape from Tarkov ensures game integrity
vmcall in battleye, reverse-engineering, anti-cheats
Apr 13, 2020 How anti-cheats detect system emulation
daax, iPower, ajkhoury, drew in anti-cheats, hypervisors, reverse-engineering, easy-anti-cheat, battleye
Apr 10, 2020 Kernel debugging in seconds with Vagrant
invokestatic in windows, debugging, tooling, reverse-engineering
Mar 31, 2020 BattlEye reverse engineer tracking
vmcall in battleye, reverse-engineering, anti-cheats
Feb 26, 2020 Bypassing BattlEye from user-mode
yousif in battleye, reverse-engineering, anti-cheats
Jan 23, 2020 BattlEye communication hook
vmcall in battleye, reverse-engineering, anti-cheats
Jan 12, 2020 BattlEye hypervisor detection
vmcall, daax in battleye, reverse-engineering, anti-cheats
Jan 11, 2020 BattlEye single stepping
vmcall in battleye, reverse-engineering, anti-cheats
Jan 5, 2020 BattlEye stack walking
vmcall in battleye, reverse-engineering, anti-cheats
Jan 5, 2020 BattlEye shellcode updates
vmcall in battleye, reverse-engineering, anti-cheats
Nov 6, 2019 Bypassing kernel function pointer integrity checks
vmcall in windows, reverse-engineering
Oct 18, 2019 Hooking the graphics kernel subsystem
vmcall in windows, reverse-engineering
May 16, 2019 Exam surveillance - the return. (ExamCookie)
vmcall in reverse-engineering
Mar 7, 2019 The nadir of surveillance (Den Digitale Prøvevagt)
vmcall in reverse-engineering
Feb 10, 2019 BattlEye anti-cheat: analysis and mitigation
vmcall in battleye, reverse-engineering, anti-cheats
Jan 24, 2019 Reverse engineering 'Black Desert Online' (2. Speed -> local entity)
vmcall in reverse-engineering, game-hacking
Jan 9, 2019 Reverse engineering 'Black Desert Online' (1. Preface)
vmcall in reverse-engineering, game-hacking

security-bypass

Aug 14, 2020 Abusing MacOS Entitlements for code execution
impost0r in macos, gatekeeper, security-bypass, dropbox, visual-studio, burp-suite

source-engine

May 13, 2021 Counter-Strike Global Offsets: reliable remote code execution
brymko, dezk, Simon Scannell in guest, source-engine, binary-exploitation, pwn
Apr 20, 2021 CVE-2021-30481: Source engine remote code execution via game invites
floesen in source-engine, binary-exploitation, pwn
May 5, 2020 Source Engine Memory Corruption via LUMP_PAKFILE
impost0r in source-engine, game-exploitation, binary-exploitation, memory-corruption, csgo

synthesis

Aug 8, 2022 Improving MBA Deobfuscation using Equality Saturation
fvrmatteo, mrphrazer in synthesis, obfuscation

tooling

Apr 10, 2020 Kernel debugging in seconds with Vagrant
invokestatic in windows, debugging, tooling, reverse-engineering

tpm

Jun 28, 2021 Windows 11: TPMs and Digital Sovereignty
can1357, daax, everdox in windows, tpm, drm

visual-studio

Aug 14, 2020 Abusing MacOS Entitlements for code execution
impost0r in macos, gatekeeper, security-bypass, dropbox, visual-studio, burp-suite

vmprotect

Sep 8, 2021 Tickling VMProtect with LLVM: Part 3
fvrmatteo in lifting, llvm, vmprotect
Sep 8, 2021 Tickling VMProtect with LLVM: Part 2
fvrmatteo in lifting, llvm, vmprotect
Sep 8, 2021 Tickling VMProtect with LLVM: Part 1
fvrmatteo in lifting, llvm, vmprotect

windows

Dec 24, 2023 RISC-Y Business: Raging against the reduced machine
mrexodia, oopsmishap in obfuscation, windows, llvm
Jun 5, 2023 Abusing undocumented features to spoof PE section headers
x86matthew in windows, PE
Aug 29, 2022 Bootkitting Windows Sandbox
mrexodia, sdoogm in windows, UEFI, bootkit
Jun 28, 2021 Windows 11: TPMs and Digital Sovereignty
can1357, daax, everdox in windows, tpm, drm
May 23, 2021 Preventing memory inspection on Windows
jm in windows, anti-debug
Jan 29, 2021 BitLocker touch-device lockscreen bypass
Abdelhamid Naceri in windows
Jan 20, 2021 Process on a diet: anti-debug using job objects
jm in windows, anti-debug
Jan 15, 2021 BitLocker Lockscreen bypass
Jonas L in windows
Jan 12, 2021 Hiding execution of unsigned code in system threads
drew in kernel, windows, anti-cheats
Jan 4, 2021 New year, new anti-debug: Don't Thread On Me
jm in windows, debugging
Jul 1, 2020 Windows Telemetry service elevation of privilege
Jonas L in exploit, pwn, windows
May 12, 2020 Abusing DComposition to render on external windows
yousif in windows, reverse-engineering
Apr 28, 2020 Why anti-cheats block overclocking tools
daax in windows, reverse-engineering
Apr 23, 2020 From directory deletion to SYSTEM shell
Jonas L in exploit, pwn, windows
Apr 10, 2020 Kernel debugging in seconds with Vagrant
invokestatic in windows, debugging, tooling, reverse-engineering
Nov 6, 2019 Bypassing kernel function pointer integrity checks
vmcall in windows, reverse-engineering
Oct 18, 2019 Hooking the graphics kernel subsystem
vmcall in windows, reverse-engineering