Explore a novel approach to exploiting Windows kernel vulnerabilities in this 32-minute Black Hat conference talk. Learn how to bypass the exploit mitigations Microsoft has introduced since Windows 8, including Kernel DEP, KASLR, and SMEP. Discover a single generic method, applicable from Windows 2000 through Windows 10, that assumes only a hypothetical 0-day vulnerability capable of flipping bits. Delve into topics such as the HAL Dispatch Table, its protections, shared infrastructure, Window objects, and escalation techniques. Gain insights from security researchers Li Zhou and Yin Liang as they demonstrate how system privileges can still be obtained despite these enhanced security measures.
Overview
Syllabus
Introduction
Outline
Team
Zero to One
HAL Dispatch Table
Protections
Advantages
Shared Infrastructure
Window Object
Window Extra
Window Extra Size
Read Window Data
Escalation
Menu
Summary
Taught by
Black Hat