Diving Into Development of Microsoft Windows Kernel Exploits

Nikita Tarakanov | August 2-3



Overview

Course Agenda:

First day:
• Setting up the environment
• Basics of Kernel Debugging with WinDbg
• Microsoft Kernel Vulnerabilities Overview
• Null Pointer Dereference Exploitation
• Arbitrary Memory Overwrite Exploitation
• Stack-Based Buffer Overflow Exploitation

Second day:
• Recent Exploit Mitigation Technologies Overview
• Pool Overflow/Corruption Exploitation
• Hardcore Pool Overflow/Corruption Exploitation
• Race Condition Exploitation


Who Should Take This Course

People who are interested in developing kernel exploits for Microsoft Windows, as well as those interested in developing sandbox bypass exploits.


Student Requirements

Training attendees should be familiar with basic operating system concepts and have hands-on experience using the Windows operating system. Attendees should be familiar with the Win32 API, C (or derived) programming language and have basic knowledge of x86/x86-64 assembly language.


What Students Should Bring

Hardware:
• 64-bit machine with at least 4GB of RAM (8GB or more is better)

Software:
• IDA Pro
• Visual Studio 2012 (at least Visual C++ Express)
• Virtualization software: VMware Player (at least version 5.0) or Workstation (at least version 9.0)
• Ability to debug a virtual machine from the host OS or from another virtual machine with WinDbg


What Students Will Be Provided With

• VM samples
• Kernel exploits


Trainers

Nikita Tarakanov is an independent information security researcher who has worked as an IS researcher at Positive Technologies, VUPEN Security and CISS. He likes writing exploits, especially for the Windows NT kernel, and won the PHDays Hack2Own contest in 2011 and 2012. He also tried to hack Google Chrome during Pwnium 2 at HITB2012KUL but failed. He has published a few papers about kernel-mode drivers and their exploitation and is currently engaged in reverse engineering research and vulnerability search automation.