Delve into an intriguing Black Hat conference talk that examines a unique kernel exploit primitive. Learn how Microsoft Security Response Center investigates unusual bug classes, focusing on an arbitrary kernel pointer read primitive where attackers cannot retrieve the content of the memory read. Discover the potential impact of this seemingly limited primitive, traditionally associated with Denial of Service or second-order Kernel Memory Information Disclosure. Explore whether such a restricted primitive could be exploited for code execution or privilege escalation. Gain insights from security experts Rohit Mothe and Andrew Ruddick as they present their findings in this 33-minute presentation.
Overview
Syllabus
Exploring a New Class of Kernel Exploit Primitive
Taught by
Black Hat
Related Courses
-
Your Trash Kernel Bug, My Precious 0-day
-
The Price of Compatibility - Defeating macOS Kernel Using Extended File Attributes
-
Deep Analysis of Exploitable Linux Kernel Vulnerabilities 2017-2019
-
KR^X - Comprehensive Kernel Protection Against Just-In-Time Code Reuse
-
Cautious - A New Exploitation Method! No Pipe but as Nasty as Dirty Pipe
-
Check Your Privilege Escalation
