Understanding Windows Kernel Exploitation

Presented at ToorCon San Diego 18 (2016), Oct. 15, 2016, 1 p.m. (50 minutes)

As userland security protections have become more robust, vulnerability research has increasingly focused on the kernel as a way to circumvent userland protections such as sandboxes. In this presentation, we catalog exploitation techniques that can be used to turn various exploit primitives in the Windows kernel into useful escalations of privilege. We briefly cover the internals of the Windows security model and identify kernel structures that are interesting from an exploitation point of view. This includes select case studies of recent Windows kernel vulnerabilities as well as demonstrations of exploit techniques that can be used to gain arbitrary ring-0 code execution or SYSTEM shells.


Presenters:

  • Adam Pond
    Adam Pond is a security consultant at NCC Group with a focus on native application security testing and reverse engineering. Adam has performed security research in the following areas: Windows kernel drivers, Windows binary reverse engineering, and IDA Python plugin development. This research has resulted in security advisories, open source tool releases, and presentations at security conferences.
  • Braden Hollembaek
    Braden Hollembaek is a senior security consultant for NCC Group with a focus on blackbox binary testing and C/C++ code review. Braden has performed a range of security research on topics such as Windows kernel driver security, binary reverse engineering, fuzzer development, and applied TLS security. This research has resulted in security advisories, open source tool releases, presentations at industry conferences, and academic publications.