YoVDO

Social Engineering the Windows Kernel - Finding and Exploiting Token Handling Vulnerabilities

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Exploit Development Courses Privilege Escalation Courses Kernel Exploitation Courses Windows Kernel Courses

Course Description

Overview

Explore the intricacies of token handling vulnerabilities in the Windows kernel through this Black Hat conference talk. Delve into social engineering techniques applied to operating system security, focusing on Access Tokens and their role in system authentication. Learn about the kernel's capabilities for identifying fake tokens and the potential consequences when these checks are bypassed. Examine real-world examples of serious vulnerabilities, including CVE-2015-0002 and CVE-2015-0062, and gain insights into exploitable patterns for conducting your own security reviews. Discover methods for exploiting token handling vulnerabilities to elevate local privileges, break out of application sandboxes, and potentially compromise the kernel. Cover key topics such as Windows security components, impersonation security levels, named pipes, NTLM negotiation, and Services for User (S4U). Analyze how kernel code interacts with tokens, common pitfalls in token handling, and recent changes in Windows 10 security measures. Gain valuable knowledge for identifying and mitigating token-related security risks in Windows environments.

Syllabus

Obligatory Background Slide
Windows Security Components
Security Reference Monitor
Token Categories
Impersonation Security Level
Named Pipes
NTLM Negotiation
Services For User (S4U)
How the Kernel Code Interacts with Tokens
Not Checking Impersonation Level
Crafted Subject Context
System Thread Impersonation
Leaky Tokens
Incorrect Token Duplication
Windows 10 Changes
Windows 10 Elevated Token Impersonation
Conclusions


Taught by

Black Hat

Related Courses

CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent
Reverse Engineering and Exploit Development
Udemy
Penetration Testing: Advanced Kali Linux
LinkedIn Learning
Linux x86 Assembly and Shellcoding
Udemy
Python : Sıfırdan İleri Seviyeye - Etik Hacker Örnekleriyle
Udemy