Windows drivers attack surface: some 'new' insights

Presented at 32C3 (2015), Dec. 27, 2015, 5:15 p.m. (60 minutes)

This presentation covers windows kernel driver security issues. It'll discuss some background, and then give an overview of the most common issues seen in drivers, covering both finding and fixing issues.

In this presentation I intent to cover a rapid fire set of issues that commonly occur in windows drivers. From the trivial (ioctl, probing) to the obscure and subtle. The presentation will discuss these issues, illustrate them with examples, and offer developer guidance on how to avoid and mitigate these issues.

Whether you're a security researcher, a developer looking for some security guidance when writing these drivers, or just generally curious about driver internals, there's something here for all.

Presenters:

• Ilja van Sprundel
  Ilja van Sprundel is a security researcher that loves to find out new things. He's currently employed by a company called Suresec where he gets to play with all sorts of weird and exciting security technologies.

Links:

• https://fahrplan.events.ccc.de/congress/2015/Fahrplan/events/7510.html

Similar Presentations:

• DEF CON 27 (2019) / Get off the Kernel if you can't Drive
• Black Hat USA 2014 / Windows Kernel Graphics Driver Attack Surface
• ekoparty 14 (2018) / Don't Trust the NIC: Attacking Windows NDIS Drivers