Understanding TOCTTOU in the Windows Kernel Font Scaler Engine
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the intricacies of TOCTTOU vulnerabilities in the Windows Kernel Font Scaler Engine in this Black Hat conference talk. Delve into the history of the Font Scaler engine, its transition from user mode to kernel mode, and the resulting security implications. Examine the various factors contributing to the engine's vulnerabilities, with a particular focus on Time-of-Check to Time-of-Use (TOCTTOU) issues. Learn about the basic double fetch problem and discover more subtle TOCTTOU vulnerabilities introduced by the font engine's design. Gain insights into advanced exploit techniques, memory allocation, and data structures related to these vulnerabilities. Understand the FSAC routine, GDI graph, and other key components involved in exploiting the Font Scaler engine. This comprehensive presentation covers everything from the background of font rendering to specific attack vectors, providing a thorough understanding of this critical kernel attack surface.
Syllabus
Introduction
Background
Time of Use
Why
How
State Structure
Changing Font File
Changing Character Code
Executing VM Instructions
Conclusions
Questions
Data Structure
Memory Allocation
Advanced Exploit Techniques
Understanding TOCTTOU
First Overrated
Summary
Drawing a Picture
FSAC Routine
BoxBone
While Loop
Patch Tuesday
MAF
Log
Precompute
GDI
Graph
Taught by
Black Hat
Related Courses
Unlocking Information Security II: An Internet PerspectiveTel Aviv University via edX Cybersecurity Capstone: Breach Response Case Studies
IBM via Coursera Complete Ethical Hacking Bootcamp
Udemy Cyber Security Advanced Persistent Threat Defender Preview
Udemy Performing Threat Modeling with the PASTA Methodology
Pluralsight