Nytro

OPCDE 2018 Dubai - Kernel Object Abuse by Type Isolation


 

In the past few years, data-only kernel exploitation has been on the rise. Since 2011, abusing and attacking Desktop heap objects to gain higher exploit primitives has been seen in many exploits. Moving forward to 2015, the focus changed to the GDI subsystem and the discovery of GDI Bitmap object abuse, and in 2017 the GDI Palette object abuse technique was released at DefCon 25. All of these techniques aim to gain arbitrary/relative kernel memory read/write to further the exploit chain. In this talk we will focus on some of the discovered techniques and objects, and how we were able to mitigate those exploitation techniques using Type Isolation, released in RS4.

 

***

Ian Kronquist enjoys working at the confluence of systems programming and security, building mitigations for Windows kernel vulnerabilities at Microsoft. He previously worked on a hypervisor designed to detect and stop malware at an antivirus startup called Barkly Protects in Boston, Massachusetts. Ian graduated from Oregon State University with a BS in Computer Science, and spent his college years working at the OSU Open Source Lab. Ian has traveled throughout Europe and Asia and spent a year studying the Turkish language and folk music in Southern Turkey.

Saif is a security engineer in the Microsoft Security Response Center’s Vulnerability & Mitigations team. He has a keen interest in exploit development and sharing everything he learns. He spends his time doing vulnerability research against Microsoft products and understanding new exploitation techniques and their real-world applications.
