Windows Kernel Vulnerability Research and Exploitation - Gilad Bakas
With the development in recent years of anti-exploitation security measures like ASLR, DEP and Integrity Levels, we're approaching the point where exploiting bugs in the Kernel, where most of these security measures are either absent or easy to overcome, becomes both easier and more reliable than exploiting user-mode code.
In parallel, the introduction of Hardware Acceleration and sophisticated graphics and multimedia features into browsers and other user applications, as well as a general move of more and more code from User to Kernel, increases the number of interfaces between User and Kernel code and provides a much wider attack surface for exploitation.
In this presentation we will:
* Talk about the differences between Kernel and User exploitation
* Learn how to find vulnerabilities in the Kernel
* Present different exploitation techniques and tricks
* Walk through and demonstrate a previously unpublished (but fixed) Kernel Privilege Escalation exploit.