Jump to content
Nytro

RSTCon #2 - Stefan Nicula si Marian Gusatu - CVE-2022-21882 Windows LPE: tehnici de analiza/detectie

Recommended Posts

 

Acest studiu se concentreaza pe analizarea unui exploit recent publicat in luna Ianuarie 2022 ce afecteaza componenta de sistem win32k din Windows kernel si rezulta intr-o vulnerabilitate de tipul elevare de privilegii. Analiza exploiturilor de tipul 1day ne poate ajuta atat pe plan defensiv, prin crearea de detectii relevante asupra celor mai noi tehnicilor de exploatare, cat si in identificare si prevenirea unor noi vulnerabilitati similare in aceleasi componente. Totodata, cercetarea acestui CVE reprezinta un bun exemplu in care patch-urile aplicate initial nu mitigheaza in profunzime problema. In cadrul prezentarii, vom discuta despre notiuni de Windows internals, atacuri de tip data-only, WinDbg kernel debugging si indicatori de detectie, cu un focus principal pe analiza defensiva si intelegerea procesului de exploatare.

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...