
Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver

Windows Kernel Exploitation - Advanced

Register for the March 12-13, 2-day course

Instructor(s):
Ashfaq Ansari

Description:

This training is the advanced version of the Kernel Exploitation Foundation course. In this course we will use Windows 10 RS2 x64 for all the labs.

This course starts with the changes in Windows 10 RS2 and hands-on fuzzing of a Windows kernel-mode driver (a different driver from the one used in the Foundation course). We will study Pool Internals in order to groom pool memory from user mode for reliable exploitation of pool-based vulnerabilities.

We will look into how KASLR can be bypassed using kernel pointer leaks, and will do hands-on exploitation using a Data-Only attack, which effectively bypasses SMEP and other exploit mitigations.

This training assumes that attendees have either taken the Foundation course or have a basic understanding of operating system concepts, familiarity with software debugging, and knowledge of exploiting vulnerabilities in user mode.

What to Expect?

Key Learning Objectives:

Upon completion of this training, participants will be able to:

PREREQUISITE WARNING: Each class has prerequisites for software loads, and a laptop is mandatory. The individual class guides list the material students are expected to know coming in and the software tools that need to be pre-installed before attending, so that you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses and will be necessary to get the maximum benefit out of these educational programs.

Course Modules:

Day 1
Windows 10

Fuzzing Windows Drivers (Hands-On)
Exploit Mitigations
Pool Exploitation (Hands-On)

Day 2
Quick Revision

Exploitation CTF Miscellaneous

Pre-requisites:

Attendees should have either taken the Kernel Exploitation Foundation course on March 10-11, or have a basic understanding of operating system concepts, familiarity with software debugging, and knowledge of exploiting vulnerabilities in user mode.

What you will need to bring:

Hardware & Software Requirements:

Students will be provided with:

Who Should Attend:

Windows Kernel Exploitation Foundation attendees, Bug Hunters & Red Teamers, User Mode Exploit Developers, Windows Driver Developers & Testers, anyone with an interest in understanding Windows Kernel exploitation, Ethical Hackers and Penetration Testers looking to upgrade their skill-set to the kernel level.