Presented at Black Hat Europe 2016, Nov. 3, 2016, 4 p.m. (60 minutes).
Since Windows 8, Microsoft has introduced a variety of exploit mitigations into the Windows kernel, such as Kernel DEP, KASLR and SMEP; these have made exploiting the Windows kernel much more difficult. Suppose we find a Windows kernel 0day that only lets us flip a single bit, changing a 0 to a 1 or a 1 to a 0: how can we gain SYSTEM privileges with it? This presentation introduces a new, general method that works from Windows 2000 through Windows 10 to answer this question.
Presenters:
- Li Zhou, A.I. and System Security Engineer, Tencent
Li Zhou graduated from Purdue University, West Lafayette. He used to be a System Security Engineer at Tencent. Currently, he is doing research on combining A.I./ML and security.
- Yin Liang, Senior Security Engineer, Tencent
KiDebug has been a security researcher at Tencent since 2012. He has conducted vulnerability and exploit research for 6 years, covering security software, the Windows kernel, IE and Flash, and has so far received acknowledgment from Microsoft and Adobe 8 times. This year he participated in Pwn2Own 2016, exploited Flash with SYSTEM privileges in only 3 seconds, and won the Master of Pwn title together with the other members of Tencent Security Team Sniper.