Syllabus
Intro
Windows 8 Back-end (cont.)
Back-end Mitigation II
Windows 8 Randomization
Windows 8 Front-End Allocation III UserBlocks
Win 7 vs Win 8 Allocation
Windows 8 Front-End Mitigation III
Windows Front-End Mitigation IV
Bitmap Flipping 2.0
_HEAP_USERDATA_HEADER Attack
Pool Types
Pool Header
Windows 8 Kernel Pool
NX Pool Descriptor
Kernel Pool Cookie
Windows 8 Pool Cookie Initialization
Boot Entropy
Process Pointer Attack
Process Pointer Encoding
Lookaside Pointer Attacks
Lookaside Pointer Encoding
Cache Aligned Allocations
Cache Aligned Allocation Cookie
Safe Unlinking
Safe (Un)linking in Windows 8
PoolIndex Attack
Summary
Block Size Attacks
BlockSize/Previous Size
BlockSize Attack Steps
Split Chunk Pool Allocation
Split Fragment Attack Steps
Determinism
User Land Closing Notes
Kernel Pool Closing Notes
Taught by
Black Hat