Delve into an intriguing Black Hat conference talk that examines a unique kernel exploit primitive. Learn how Microsoft Security Response Center investigates unusual bug classes, focusing on an arbitrary kernel pointer read primitive where attackers cannot retrieve the content of the memory read. Discover the potential impact of this seemingly limited primitive, traditionally associated with Denial of Service or second-order Kernel Memory Information Disclosure. Explore whether such a restricted primitive could be exploited for code execution or privilege escalation. Gain insights from security experts Rohit Mothe and Andrew Ruddick as they present their findings in this 33-minute presentation.
Overview
Syllabus
Exploring a New Class of Kernel Exploit Primitive
Taught by
Black Hat