Synaptics/HP keylogger

TL;DR: HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required). Get the list of affected hardware and patch here:


Exploiting FGuard.sys


Some time ago I looked for a driver to play with. I wanted to find a vuln and to exploit it. After picking a few random drivers from the internet, I stumbled upon Folder Guard. This application implements folder locking with a password; you can read more at: To enforce folder locking, FolderGuard leverages a legacy file system filter driver, fguard32[64].sys.
