CanSecWest: Security Masters Dojo Vancouver
Windows Kernel Exploitation Foundations
Register for the March 14-15, 2020 (2-day course)
Instructor(s):
Ashfaq Ansari "@HackSysTeam"
Overview
This is a fast paced course designed to introduce attendees to Windows Kernel Exploitation.
We will cover the basics of Windows Kernel Internals and hands-on fuzzing of Windows Kernel Mode drivers. We will deep-dive into exploit development of Pool based buffer overflow vulnerability in Kernel driver.
PREREQUISITE WARNING: Each class has prerequisites for software loads, and a laptop is mandatory. These individual class guides list the material students are expected to have knowledge of coming in and the software tools that need to be pre-installed before attending, so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses and will be necessary to get the maximum benefit out of these educational programs.
Key Learning Objectives
Upon completion of this training, participants will be able to:
- Learn basics of Windows Internals
- Understand how to fuzz Windows Kernel mode drivers to find vulnerabilities
- Learn the exploit development process in Kernel mode
What to Expect:
- Fast overview of Windows Internals
- WinDbg-Fu
- Windows Kernel Drivers basics/IOCTL/IRP
- Techniques to exploit Windows Kernel/Driver vulnerabilities
What Not to Expect:
- Becoming an elite Kernel Hacker in two/three day(s)
- Basics of ASM/C/Python
Course Content
Windows Internals
- Windows NT Architecture
- Executive and Kernel
- Hardware Abstraction Layer (HAL)
- Privilege Rings
- Virtual Address Space
- Memory Pool
- Pool Allocator
- User Mode vs Privileged Mode
- User Mode Exploit Mitigations
- I/O Request Packet (IRP)
- I/O Control Code (IOCTL)
- Data Buffering
- IOCTL Fuzzing
- Pool Overflow
- Escalation of Privilege Payload
- Kernel Recovery
- Q/A and Feedback
Who should attend?
Information Security Professionals, anyone with an interest in understanding Windows Kernel exploitation, and Ethical Hackers and Penetration Testers looking to upgrade their skill set to the kernel level.
Prerequisites
- Basics of User Mode Exploitation
- Basics of x86 Assembly and C/Python
- Familiarity with VMware/VirtualBox
- Familiarity with WinDbg
- Patience
Hardware & Software Requirements
A laptop capable of running two virtual machines simultaneously (8 GB of RAM) with 40 GB of free hard drive space. Everyone should have Administrator privileges on their laptop.