Tuesday 28th May, 2013
2:50pm to 3:40pm
With each new version of the Windows OS, Microsoft enhances security by adding mitigation mechanisms.
Kernel-land vulnerabilities are becoming more and more valuable these days. For example, the easy way to escape from a sandbox (the Google Chrome sandbox, for instance) is by using a kernel vulnerability.
That is why Microsoft works hard to enhance the security of the Windows kernel. The kernel pool allocator plays a significant role in the security of the whole kernel, and since Windows 7 Microsoft has been hardening it.
Tarjei Mandt (aka kernelpool) has done a great job analyzing the internals of the kernel pool allocator, including attack techniques, mitigation bypasses, etc. In Windows 8, Microsoft has eliminated almost all reliable techniques for exploiting kernel pool corruptions. However, Tarjei's attack techniques require a lot of prerequisites to succeed. Unfortunately, there are many types of pool corruption where these techniques don't work.
What if there is no control over overflown data?
What if the overflown data is constant (zero bytes) and you have no chance to apply one of Tarjei's techniques?
What if there is an uncontrolled, continuous overflow, so that a page fault (#PF) and a BSOD are unavoidable?
So what to do?
Commit suicide instantly?
Come and see this talk!
This talk presents a technique for 100% reliable exploitation of kernel pool corruptions.
This unique technique works from NT 4.0 up to and including Windows 8.
Vulnerability Assassin. Crazy Wild Russian. Aligner of stars. Thug on nightmare. Do you still believe what is written in Cyrillic? (bio from Twitter)