Data Only Pwning Microsoft Windows Kernel

Video Link: https://www.youtube.com/watch?v=ZpFlNKOeXcA

Duration: 25:01

With each new version of Windows, Microsoft adds security mitigation mechanisms, so kernel-land vulnerabilities are becoming more and more valuable. For example, the easiest way to escape from a sandbox is to use a kernel vulnerability. That is why Microsoft keeps working to harden the Windows kernel.

The kernel pool allocator plays a significant role in the security of the whole kernel. Starting with Windows 7, Microsoft began hardening the Windows kernel pool allocator (for example, with safe unlinking of free chunks). In Windows 8, Microsoft eliminated almost all of the reliable, previously published techniques for exploiting kernel pool corruptions.

Microsoft then eliminated the "0xBAD0B0B0" technique in Windows 8.1, and at the moment there is no easy technique for exploiting pool overflows on Windows 8.1.

The brand new exploitation technique uses several tricks to convert a pool overflow into the following primitives:

1. Arbitrary memory read/write
2. Hijack of execution flow
3. Adjacent read/write

This talk presents a new technique for exploiting pool overflows, with a very interesting effect: elevating privileges without executing any kernel shellcode or using ROP.
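The data-only chain the abstract outlines (an adjacent write from a pool overflow, turned into an arbitrary write, used to copy a privileged token into the attacker's own process object) as an added user-mode C model. This is not the talk's code and does not reproduce Windows pool internals or the specific tricks Tarakanov presented; the two-chunk pool layout, the writer_obj_t kernel object, the proc_t stand-in for EPROCESS and the token constants are assumptions made so that the three primitives and the token swap can be exercised in one runnable file. Nothing in it executes attacker code: the kernel path writes attacker-chosen data to an attacker-chosen address, which is the whole point of the data-only approach.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed toy values. A real token is a kernel pointer inside EPROCESS,
 * not a constant; the list walk below models locating it via an
 * arbitrary-read primitive. */
#define SYSTEM_TOKEN  0xFFFF9A00DEADBEEFull
#define LOWPRIV_TOKEN 0xFFFF9A0000001234ull
#define CHUNK_SIZE    0x40

/* Toy EPROCESS: only the fields the attack touches. */
typedef struct proc {
    uint32_t     pid;
    uint64_t     token;
    struct proc *next;      /* stand-in for ActiveProcessLinks */
} proc_t;

/* Assumed kernel object living in the chunk right after the overflowable
 * buffer. It carries a pointer the kernel later writes through, so
 * corrupting that pointer turns an adjacent write into an arbitrary write. */
typedef struct {
    uint8_t   opaque[0x20];
    uint64_t *write_target;
    uint64_t  value_to_write;
} writer_obj_t;

static proc_t my_proc     = { 1234, LOWPRIV_TOKEN, NULL };
static proc_t system_proc = { 4, SYSTEM_TOKEN, &my_proc };

/* Two adjacent pool chunks; chunk 0 is the vulnerable buffer, chunk 1
 * holds the writer object. 8-byte aligned backing store. */
static uint64_t pool_words[2 * CHUNK_SIZE / sizeof(uint64_t)];
static uint8_t *const pool = (uint8_t *)pool_words;

/* Primitive 3, adjacent write: the bug copies attacker-controlled data
 * into chunk 0 without checking that len <= CHUNK_SIZE. */
static void vulnerable_copy(const uint8_t *src, size_t len) {
    memcpy(pool, src, len);
}

/* Kernel path that consumes the object in chunk 1. After the overflow
 * write_target and value_to_write are attacker-chosen, so this is
 * primitive 1 (arbitrary write) with no shellcode or ROP involved. */
static void kernel_use_writer_object(void) {
    writer_obj_t obj;
    memcpy(&obj, pool + CHUNK_SIZE, sizeof obj);
    *obj.write_target = obj.value_to_write;
}

/* Arbitrary-read side, modelled as a plain list walk: find a process
 * by PID and return its token value. */
static uint64_t read_token_of(uint32_t pid) {
    for (proc_t *p = &system_proc; p != NULL; p = p->next)
        if (p->pid == pid) return p->token;
    return 0;
}

static uint64_t current_token(void) { return my_proc.token; }

/* Data-only escalation: build a fake writer object whose target is our
 * own token field and whose value is SYSTEM's token, overflow it into
 * chunk 1, then let the kernel perform the write. Returns 1 on success. */
static int run_exploit(void) {
    writer_obj_t fake = {0};
    fake.write_target   = &my_proc.token;
    fake.value_to_write = read_token_of(4);

    uint8_t payload[CHUNK_SIZE + sizeof fake];
    memset(payload, 'A', CHUNK_SIZE);                 /* fills chunk 0   */
    memcpy(payload + CHUNK_SIZE, &fake, sizeof fake); /* lands in chunk 1 */

    vulnerable_copy(payload, sizeof payload);         /* adjacent write   */
    kernel_use_writer_object();                       /* arbitrary write  */
    return my_proc.token == SYSTEM_TOKEN;
}

int main(void) {
    printf("token before: %#llx\n", (unsigned long long)current_token());
    int ok = run_exploit();
    printf("token after:  %#llx (%s)\n", (unsigned long long)current_token(),
           ok ? "SYSTEM" : "unchanged");
    return ok ? 0 : 1;
}
```

The model deliberately omits what makes the real technique hard: on Windows 8.1 the pool header of the neighbouring chunk is validated on free, so the overflow must leave the header consistent or avoid the free path, and the attacker must first shape the pool so that a useful object actually sits in the next chunk. Those are the tricks the talk covers; the block only shows the shape of the primitive chain they produce.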

PRESENTED BY
Nikita Tarakanov

Black Hat - USA - 2014 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security