Windows Notification Facility - Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet

Black Hat via YouTube

WinDBG Custom Extension

20 of 34

Classroom Contents

  1. Intro
  2. About Alex Ionescu
  3. What is WNF?
  4. Why does WNF exist?
  5. State Name Lifetime
  6. State Scopes
  7. Sequence Numbers
  8. Registering a WNF State Name
  9. Publishing WNF State Data
  10. Consuming WNF Data
  11. WNF Notifications
  12. High Level API
  13. Notification Callback
  14. Kernel API
  15. WNF Name Instance
  16. WNF Scope Instance
  17. WNF Scope Map
  18. WNF Subscription
  19. WNF Process Context
  20. WinDBG Custom Extension
  21. The 0-byte Write
  22. The Privileged Disclosure
  23. The Modern App Launcher Blocker
  24. The Crashing Service
  25. Discovering State Names and Permissions
  26. Discovering Volatile Names
  27. Brute Forcing Security Descriptors
  28. Creating custom WNF State Names
  29. EDR/AM Visibility Options
  30. Controlling the System with WNF
  31. Interesting Insider Settings
  32. Injecting Code with WNF
  33. Modifying Callbacks/Contexts for Code Redirection
  34. Key Takeaways
