Remote Windows Kernel Exploitation - Step Into the Ring 0
Offered By: Black Hat via YouTube
Course Description
Overview
Explore remote Windows kernel exploitation techniques in this Black Hat USA 2005 conference talk by Barnaby Jack. Dive into Ring 0 operations, covering topics such as the kernel exploit, user API interactions, firewall considerations, and exception handling. Learn about memory dump analysis, redirecting execution, and clean return methods. Examine the Send vulnerability, kernel heap overflow techniques, and the kernel loader. Discover how to predict stack behavior, implement userland shells, and use Ring 3 mapping. Watch the Bomberfish demo and explore kernel keylogging capabilities, including keystroke capture and interrupt vector manipulation. Investigate methods for overriding kernel code and the Interrupt Descriptor Table (IDT). Gain insights into modular structure, ICMP echo handlers, and custom keyboard handlers. Delve into kernel payloads, real mode operations, and techniques for preventing interruptions. Master the intricacies of remote Windows kernel exploitation to deepen your understanding of system vulnerabilities and protection mechanisms.
Syllabus
Introduction
Overview
Kernel
Exploit
User API
Firewall Considerations
Exception Handling
Memory Dump Analysis
Redirect Execution
Clean Return
Send Vulnerability
Kernel Heap Overflow
Overwrite
Kernel Loader
GetProcAddress
Predict Stack
Dispatch Level
Userland Shell
Ring 3 Map
APC
Bomberfish Demo
Kernel Keylogger
Keystroke Capture
Interrupt Vector
Overriding Kernel Code
Overriding IDT
Modular structure
ICMP echo handler
Custom keyboard handler
Kernel payloads
Real mode
The sickest room
The boring part
Preventing interruptions
Copying
payload
the payload
Taught by
Black Hat
Related Courses
Operating System Forensics (LinkedIn Learning)
Incident Response: Host Analysis (Pluralsight)
Working with Memory Dumps and Debugging Using Sysinternals Tools (Pluralsight)
Advanced .NET Debugging Techniques from Real World Investigations (NDC Conferences via YouTube)
Scraping Leaky Browsers for Fun and Passwords (BruCON Security Conference via YouTube)