Windows Kernel Exploitation Advanced
This training has been completed
Intermediate / Advanced
3 Days
Sat 19 Nov - Mon 21 Nov
Venue:
Holiday Inn Riyadh Meydan | IHG
Olaya - King Fahed Road, PO Box 18030, Riyadh, 11415, Kingdom of Saudi Arabia
Timings:
- Registration starts at 8am
- Training from 9am to 5pm
Topics:
- Exploit Mitigations
  - Kernel Address Space Layout Randomization (kASLR)
    - Understanding kASLR
    - Breaking kASLR using kernel pointer leaks
  - Supervisor Mode Execution Prevention (SMEP)
    - SMEP concepts
    - Breaking/bypassing SMEP
  - Kernel Page Table Isolation (KPTI/KVA Shadow)
    - KPTI concepts
    - Breaking/bypassing KPTI
- Exploitation
  - Stack Buffer Overflow (SMEP & KPTI enabled)
    - Understanding the vulnerability
    - Achieving code execution
  - Memory Disclosure
  - Pool Overflow
- Capture The Flag
- Miscellaneous
Overview
This course covers bypassing kASLR and the kernel Low Fragmentation Heap (kLFH), and hands-on exploitation using data-only attacks, which avoid executing attacker-controlled code and therefore sidestep SMEP and other code-execution mitigations.
Upon completion of this training, participants will have learned:
- The exploit development process in kernel mode
- Mitigation bypasses
- Pool Feng-Shui
- Building arbitrary read/write primitives
Students are required to bring their own laptop that meets the following specs:
- A laptop capable of running two virtual machines simultaneously (8 GB+ of RAM)
- 40 GB free hard drive space
- VMware Workstation/Player installed
- Everyone should have Administrator privileges on their laptop
What students will be provided with
- Training slides
- Scripts and code samples
- BSOD t-shirt
Who should attend?
- Information security professionals
- Bug hunters & Red teamers
- User-mode exploit developers
- Windows driver developers & testers
- Anyone with interest in understanding Windows Kernel exploitation
- Ethical hackers and penetration testers looking to upgrade their skill-set to the kernel level