Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Using ALPC Security Features to Compromise RPC Services

DEFCONConference via YouTube

Overview

Learn about Windows kernel security vulnerabilities in this conference talk that delves deep into Advanced Local Procedure Call (ALPC) and Remote Procedure Call (RPC) services. Explore the intricate communication mechanisms between ALPC and RPC, including previously undisclosed details about marshal/unmarshal processes. Discover how security flaws in ALPC kernel security mechanisms can be exploited to gain system privileges from unauthorized users. Follow along as the speakers analyze historical bugs, reveal new vulnerability findings, and demonstrate multiple exploitation techniques. Gain valuable insights into this attack surface, including practical tips for bug hunting and understanding the security implications of Windows kernel features. The presentation builds upon previous research, referencing works like the ALPC-RPC analysis from Hack.lu 2017 and Windows Error Reporting exploits, while providing fresh perspectives on kernel security mechanisms.

Syllabus

DEF CON 32 - Using ALPC security features to compromise RPC services - WanJunJie Zhang, Yisheng He

Taught by

DEFCONConference

Reviews

Start your review of Using ALPC Security Features to Compromise RPC Services

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.