Exploitation
Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment
Rusty Windows Kernel Rootkit
Anti Cheats
Protections
SMAP (Supervisor Mode Access Prevention) - prevents the kernel from accessing user-mapped memory
SMEP (Supervisor Mode Execution Prevention) - prevents kernel mode from executing code located in user-mode pages
Both of these protections are controlled by flags in the CR4 register
Mapping Physical Memory
Vulnerable driver used to manipulate physical memory and the kernel
Driver Exploitation
How to exploit a vulnerable Windows driver
Privilege Escalation
Copy the security token from the INIT process
Exploiting a Windows 10 PagedPool off-by-one overflow (WCTF 2018)
Windows Syscalls
Note: Windows syscall numbers change from one Windows version to the next