Social Engineering the Windows Kernel - Finding and Exploiting Token Handling Vulnerabilities

Explore the intricacies of token handling vulnerabilities in the Windows kernel through this Black Hat conference talk. Delve into social engineering techniques applied to operating system security, focusing on Access Tokens and their role in system authentication. Learn about the kernel's capabilities for identifying fake tokens and the potential consequences when these checks are bypassed. Examine real-world examples of serious vulnerabilities, including CVE-2015-0002 and CVE-2015-0062, and gain insights into exploitable patterns for conducting your own security reviews. Discover methods for exploiting token handling vulnerabilities to elevate local privileges, break out of application sandboxes, and potentially compromise the kernel. Cover key topics such as Windows security components, impersonation security levels, named pipes, NTLM negotiation, and Services for User (S4U). Analyze how kernel code interacts with tokens, common pitfalls in token handling, and recent changes in Windows 10 security measures. Gain valuable knowledge for identifying and mitigating token-related security risks in Windows environments.