Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Understanding TOCTTOU in the Windows Kernel Font Scaler Engine

Black Hat via YouTube

Overview

Explore the intricacies of TOCTTOU vulnerabilities in the Windows Kernel Font Scaler Engine in this Black Hat conference talk. Delve into the history of the Font Scaler engine, its transition from user mode to kernel mode, and the resulting security implications. Examine the various factors contributing to the engine's vulnerabilities, with a particular focus on Time-of-Check to Time-of-Use (TOCTTOU) issues. Learn about the basic double fetch problem and discover more subtle TOCTTOU vulnerabilities introduced by the font engine's design. Gain insights into advanced exploit techniques, memory allocation, and data structures related to these vulnerabilities. Understand the FSAC routine, GDI graph, and other key components involved in exploiting the Font Scaler engine. This comprehensive presentation covers everything from the background of font rendering to specific attack vectors, providing a thorough understanding of this critical kernel attack surface.

Syllabus

Introduction
Background
Time of Use
Why
How
State Structure
Changing Font File
Changing Character Code
Executing VM Instructions
Conclusions
Questions
Data Structure
Memory Allocation
Advanced Exploit Techniques
Understanding TOCTTOU
First Overrated
Summary
Drawing a Picture
FSAC Routine
BoxBone
While Loop
Patch Tuesday
MAF
Log
Precompute
GDI
Graph

Taught by

Black Hat

Reviews

Start your review of Understanding TOCTTOU in the Windows Kernel Font Scaler Engine

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.