Patching the NT Kernel to Remove all Security
As a general rule, some of the best patches are very simple in nature. A good patch may be only a few bytes long. This is certainly the case with the NT kernel. It is possible to patch the kernel and remove all security with, literally, just a few well-placed bytes. This trick was published by one of us (Hoglund) several years ago. Since then, multiple sources have reported optimizing the kernel patch to a single byte. In one case, the difference between the original byte and the patched byte is actually only 2 bits! This leads to a very amusing "2-bit hack" to the NT OS. The idea that a single strategic bit flip can cause such a far-reaching and catastrophic result to the security of a system is very telling. Perhaps NT security is only worth two bits after all!
That was an excerpt from "Exploiting Software: How to Break Code".