Overview
This course aims to teach learners about the new and complex design of the Windows kernel pool, which has changed from simple structures to a more intricate system. The course explores how these changes can impact assumptions, exploits, and tools, potentially opening up a new attack surface.
Students will learn about the kernel pool, kernel APIs, the RS5 structure, Seg Context, Seg Segments, LFH vs LFH buckets, exploitation techniques, mitigations, and the benefits of the Secure Pool. The course is delivered as a presentation by the instructor, Yarden Shafir, and also covers pool analysis tools.
This course is intended for individuals interested in cybersecurity, Windows kernel development, exploit development, and understanding the implications of changes in the Windows kernel pool design.
Syllabus
Introduction
What is the kernel pool
Kernel APIs
Before RS5
RS5 Structure
Size Matters
Seg Context
Seg Segments
Heap Page Segment
Ranges
LFH vs
LFH buckets
Exploitation
Mitigations
Benefits
The Secure Pool
Pool Analysis Tools
Conclusion
Taught by
Black Hat