Windows Kernel Exploitation Advanced

This training has been completed See current trainings here
Intermediate / Advanced
3 Days
Sat 19 Nov - Mon 21 Nov
Venue:

Holiday Inn Riyadh Meydan | IHG
Olaya - King Fahed Road, PO Box 18030, Riyadh, 11415, Kingdom of Saudi Arabia

Timings:
  • Registration starts at 8am
  • Training from 9am to 5pm
Topics:
  • Exploit Mitigations
    • Kernel Address Space Layout Randomization (kASLR)
      • Understanding kASLR
      • Breaking kASLR using kernel pointer leaks
    • Supervisor Mode Execution Prevention (SMEP)
      • SMEP concepts
      • Breaking/bypassing SMEP
    • Kernel Page Table Isolation (KPTI/KVA Shadow)
      • KPTI concepts
      • Breaking/bypassing KPTI
  • Exploitation
    • Stack Buffer Overflow (SMEP & KPTI enabled)
      • Understand the vulnerability
      • Achieving code execution
    • Memory Disclosure
    • Pool Overflow
    • Capture The Flag
    • Miscellaneous
Overview

This course looks at how to bypass kASLR and the kernel Low Fragmentation Heap (kLFH), with hands-on exploitation using data-only attacks, which effectively bypass SMEP and other exploit mitigations.

Upon completion of this training, participants will understand:

  • Exploit development process in kernel mode
  • Mitigation bypasses
  • Pool Feng-Shui
  • Arbitrary Read/Write primitive

Students are required to bring their own laptop that meets the following specs:

  • A laptop capable of running two virtual machines simultaneously (8 GB+ of RAM)
  • 40 GB free hard drive space
  • VMware Workstation/Player installed
  • Everyone should have Administrator privileges on their laptop

What students will be provided with

  • Training slides
  • Scripts and code samples
  • BSOD t-shirt
Who should attend?
  • Information security professionals
  • Bug hunters & Red teamers
  • User-mode exploit developers
  • Windows driver developers & testers
  • Anyone with interest in understanding Windows Kernel exploitation
  • Ethical hackers and penetration testers looking to upgrade their skill set to the kernel level