Dive deep into Windows kernel exploitation through an analysis of two new exploits demonstrated at Pwn2Own. Explore the current state and evolution of Windows kernel security, focusing first on the Cloud Filter component and a use-after-free vulnerability in its Filter Communication Port interface. Learn how this vulnerability was exploited to hijack kernel code execution and escalate privileges to SYSTEM. Review current kernel mitigations, their weaknesses, and the future of kernel security, including KASLR, SMAP, SMEP, CET, and CFG. Examine a second exploit involving a logical bug that defeats most mitigations by allowing direct read and write access to kernel virtual memory. Gain insights from Thomas Imbert, a security engineer at Synacktiv with expertise in reverse engineering and vulnerability research, particularly in Windows operating systems.
A Deep Dive Into Two Windows Exploits Demonstrated at Pwn2Own
Hack In The Box Security Conference via YouTube
Overview
Syllabus
#HITB2023HKT D2T1 - A Deep Dive Into Two (Windows) Exploits Demonstrated At Pwn2Own - Thomas Imbert
Taught by
Hack In The Box Security Conference