Windows Kernel Exploitation

[Nytro]

Windows Kernel Exploitation

When I started learning about Windows kernel exploitation, I turned my notes into blog posts and tried to make them explain everything that I was doing. This process improved my understanding a great deal and several rounds of feedback and rewrites later, they've become this series of tutorials.

The first part covers a couple of different ways to setup kernel debugging for a live Windows host and some basic WinDbg commands.

• Windows Kernel Exploitation Part 0: Kernel Debugging

 

Parts 1 to 5 walk through exploiting what at the time were most of the vulnerabilities present in the HackSysTeam extremely vulnerable driver. This is a Windows driver based exploit me, created with the aim of helping people learn Windows kernel exploitation.

• Windows Kernel Exploitation Part 1: Getting Started With The HackSysTeam Extremely Vulnerable Driver
• Windows Kernel Exploitation Part 2: My First Kernel Exploit
• Windows Kernel Exploitation Part 3: Arbitary Overwrite, NULL Pointer, Type Confusion And Integer Overflow Examples
• Windows Kernel Exploitation Part 4: Introduction to Windows Kernel Pool Exploitation

 

The Spiritual part 5 of the series was published via MWR Labs and walks through exploiting CVE-2014-4113 on a 32 bit copy of Windows 7.

• Windows Kernel Exploitation 101: Exploiting CVE-2014-4113

 

The remaining post focuses on bridging the gap between exploiting vulnerabilities on Windows 7 and Windows 8.1 and solving the extra challenges this introduces.

• Windows Kernel Exploitation Part 6: Moving On From Windows 7, Arbitary Overwrite and Stack Overflow Examples For Windows 8.1 64Bit

 

Additionally I wrote a long post on revisiting a paper originally written by j00ru about kernel address leaks, looking at how the functions used in his paper had been modified on newer versions of Windows:

• Revisiting Windows Security Hardening Through Kernel Address Protection

 

Sursa: https://samdb.xyz/windows-kernel-exploitation/