Explore the intricacies of attacking Windows OEM kernel drivers in this comprehensive conference talk from Derbycon 2016. Delve into driver quarry techniques, fuzzing methodologies, and crash analysis using Driver Verifier. Learn to identify exploitable vulnerabilities, analyze IO Request Packets, and leverage WDF tools for driver examination. Discover real-world examples involving Lenovo drivers and Apple-related exploits. Gain insights into memory manipulation, local denial of service attacks, and secret extraction techniques. Examine locker systems, cloud-based options, and decryption strategies. Conclude with a summary of essential tools and a list of vulnerable drivers uncovered during the presentation.
Overview
Syllabus
Introduction
Driver Quarry
WhenTosh
Drivers
Fuzz
Fuzz Improvements
Fuzz Crashes
Driver Verifier
Being Exploitable
Annalise
IO Request Packet
Design Ideas
Identify Windows Drivers
Identify WDF Functions
WDF Tools
Device Type
API Calls
Lenovo Driver
Tale to Box
Space Division
Memory Gaining
Local Denial Service
Memory Read
MyAppleAmbler
Immortal Function
How Function Call
For Loop
Read Secrets
Locker Overview
Memory
heuristics
cloud options
example
decryption
what would really be like
TLDR
Wrapup
Tools
Drivers you found
Did they make it
