Explore a comprehensive analysis of vulnerabilities in Windows 10's SecureKernel, a critical component of Microsoft's Virtualization Based Security (VBS) model. Delve into the discovery and exploitation of two vulnerabilities that could compromise the entire VBS system by allowing arbitrary code execution in VTL1. Follow the presenters' step-by-step process of exploiting these vulnerabilities on the latest Windows version, gaining insights into the intricacies of virtualization stack security. Learn about SecureKernel Pool, Pull Allocations, Push Shipping, and various MDR concepts. Witness live demonstrations of exploitation techniques, including kmdl safe structures, mdl free idea, and pt allocator target structure. Gain valuable knowledge about the potential weaknesses in virtualization-based security technologies and the importance of continuous improvement in software stack security.
Overview
Syllabus
Introduction
First Vulnerability
SecureKernel Pool
Pull Allocations
Push Shipping
Undo MDR
Ascii MDR
LeftArm Context
PowerMdl
RedWhatWhere
Summary
Demo
Demonstration
skmdl
safe
structures
mdl
free idea
pt allocator
target structure
in action
crash
conclusion
Questions
Taught by
Black Hat
