Windows Heap-backed Pool - The Good, the Bad, and the Encoded

Black Hat via YouTube

Overview

Explore the intricacies of the Windows kernel pool in this 39-minute Black Hat conference talk. Delve into the recent changes to the Windows kernel pool structure, transitioning from simple, easily readable designs to a more complex architecture. Examine how these modifications impact assumptions, exploits, tools, and debugger extensions. Investigate the potential new attack surfaces that may have emerged as a result of these changes. Learn about kernel APIs, pre-RS5 structures, RS5 structures, size considerations, segment contexts, heap page segments, ranges, LFH buckets, and exploitation techniques. Discover the implemented mitigations, benefits of the new design, and the concept of the Secure Pool. Gain insights into pool analysis tools and their applications in this evolving landscape of Windows kernel security.

Syllabus

Introduction
What is the kernel pool
Kernel APIs
Before RS5
RS5 Structure
Size Matters
Seg Context
Seg Segments
Heap Page Segment
Ranges
LFH vs
LFH buckets
Exploitation
Mitigations
Benefits
The Secure Pool
Pool Analysis Tools
Conclusion

Taught by

Black Hat
