Course Description
Course contents
- Day 1
  - Windows 10
    - Architecture
  - Fuzzing Windows Drivers (Hands-On)
    - Locating IOCTLs in Windows Drivers
    - Locating input entry points
    - Writing scripts to fuzz the discovered IOCTLs
  - Exploit Mitigations
    - Kernel Address Space Layout Randomization (kASLR)
      - Understanding kASLR
      - Breaking kASLR using kernel pointer leaks
    - Supervisor Mode Execution Prevention (SMEP)
      - SMEP concepts
      - Breaking/bypassing SMEP
  - Pool
    - Internals
    - Tracing object allocations
    - Feng-Shui (Lookaside List & ListHeads List)
  - Exploitation (Hands-On)
    - Pool Overflow
- Day 2
  - Quick Revision
    - kASLR
    - SMEP
    - Feng-Shui
  - Exploitation
    - Pool Overflow (continued)
      - Achieving arbitrary read/write primitive (Data-only attack)
      - Gaining local privilege escalation
      - Different places to corrupt
    - Arbitrary Memory Overwrite
      - Achieving arbitrary read/write primitive (Data-only attack)
      - Gaining local privilege escalation
- Day 3
  - Quick Revision
    - Pool Overflow
    - Data-only attacks
  - Exploitation CTF
    - Write an exploit for a known Windows 10 kernel vulnerability (CVE)
  - Miscellaneous
    - Assignment to write a blog post about the vulnerability exploited during the CTF
    - Q/A and Feedback
Target audience
- Windows Kernel Exploitation Foundation attendees
- Bug Hunters & Red Teamers
- User Mode Exploit Developers
- Windows Driver Developers & Testers
- Anyone with an interest in understanding Windows Kernel exploitation
- Ethical Hackers and Penetration Testers looking to upgrade their skill set to the kernel level
Requirements
- Basic operating system concepts
- Good understanding of user mode exploitation
- Basics of x86/x64 Assembly and C/Python
- Patience
Hardware/Software Requirements
- 8 GB flash drive
- A laptop capable of running two virtual machines simultaneously (8 GB+ of RAM)
- 40 GB of free hard drive space
- VMware Workstation/Player installed
- Everyone should have Administrator privileges on their laptop
Trainer Biography
Ashfaq Ansari is the founder of HackSys Team, code-named “Panthera”. He has experience in various aspects of Information Security. He has authored “HackSys Extreme Vulnerable Driver” and “Shellcode of Death”. He has also written and published various white papers on low-level software exploitation. His core interest lies in low-level software exploitation in both User and Kernel Mode, Vulnerability Research, Reverse Engineering, Program Analysis and Hybrid Fuzzing. He is a fanboy of Artificial Intelligence and Machine Learning. He is the chapter lead for null (Pune).