Skip to main content

#HITB2013AMS D1T2 Nikita Tarakanov - Exploiting Hardcore Pool Corruptions in MS Windows Kernel

Movies Preview

movies

#HITB2013AMS D1T2 Nikita Tarakanov - Exploiting Hardcore Pool Corruptions in MS Windows Kernel

by
Hack In The Box Security Conference

Publication date
Topics
Youtube, video, Science & Technology, zero bytes, corruption, windows NT, tarjei mandt, Windows XP (Operating System), bsod, microsoft, hitbsecconf, windows XP, crazy wild russian, nikita tarakanov, Amsterdam, kernel, tarakanov, windows 8, overflow, hackinthebox, windows 7, windows, vulnerabilities, hitb, windows 95, Hitb2013ams, sandbox,
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: Each new version of Windows OS Microsoft enhances security by adding security mitigation mechanisms -- Kernel land vulnerabilities are getting more and more valuable these days. For example, the easy way to escape from a sandbox (Google Chrome sandbox for example) is by using a kernel vulnerability. That's why Microsoft struggles to enhance security of Windows kernel. Kernel Pool allocator plays significant role in security of whole kernel. Since Windows 7, Microsoft started to enhance the security of the Windows kernel pool allocator. Tarjei Mandt aka @kernelpool has done a great job in analyzing the internals of the Windows kernel pool allocator and found some great attack techniques, mitigations bypasses etc. In Windows 8 however, Microsoft has eliminated almost all reliable techniques of exploiting kernel pool corruptions. An attack technique by Tarjei needs a lot of prerequisites to be successful and there are a lot of types of pool corruptions where his techniques don't work unfortunately. What if there is no control over overflown data? What if there is constant (zero bytes) and you have no chance to apply one of Tarjei's techniques? What if there is uncontrolled continuous overflow and #PF and BSOD is unavoidable? So what to do? Commit suicide instantly? NO! Come and see this talk! We present a technique of 100% reliable exploitation of kernel pool corruptions which covers all flavors of Windows from NT 4.0 to Windows 8. ABOUT NIKITA TARAKANOV Nikita Tarakanov is an independent information security researcher who has worked as an IS researcher in Positive Technologies, VUPEN Security and CISS. He likes writing exploits, especially for Windows NT Kernel and won the PHDays Hack2Own contest in 2011 and 2012. He also tried to hack Google Chrome during Pwnium 2 at HITB2012KUL but failed. He has published a few papers about kernel mode drivers and their exploitation and is currently engaged in reverse engineering research and vulnerability search automation.

Source: https://www.youtube.com/watch?v=2yuza8PRGVQ
Uploader: Hack In The Box Security Conference
Addeddate
2019-05-15 07:52:31
Identifier
youtube-2yuza8PRGVQ
Originalurl
https://www.youtube.com/watch?v=2yuza8PRGVQ
Scanner
Internet Archive Python library 1.8.4
Year
2013

plus-circle Add Review
comment
Reviews

There are no reviews yet. Be the first one to write a review.

30 Views

DOWNLOAD OPTIONS

download 1 file
ITEM TILE download
download 1 file
JPEG download
download 1 file
MPEG4 download
download 1 file
OGG VIDEO download
download 1 file
TEXT download
download 1 file
TORRENT download
download 1 file
WEB VIDEO TEXT TRACKS download
download 55 Files
download 12 Original
SHOW ALL

IN COLLECTIONS

Hack In The Box Security Conference Hacker Conferences

Uploaded by narabot on

SIMILAR ITEMS (based on metadata)

Terms of Service (last updated 12/31/2014)