Exploitation

Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment

Rusty Windows Kernel Rootkit
Anti Cheats

Protections

SMAP (Supervisor Mode Access Prevention) - Prevents the kernel from reading or writing user-mode mapped memory
SMEP (Supervisor Mode Execution Prevention) - Prevents the kernel from executing code located in user-mode pages

Both of these flags are bits in the CR4 control register

Mapping Physical Memory

Using a vulnerable driver to manipulate physical memory and the kernel

Driver Exploitation

How to exploit a vulnerable Windows driver

Privilege Escalation

Copy the security token from the INIT process

Exploiting a Windows 10 PagedPool off-by-one overflow (WCTF 2018)

Windows Syscalls

Windows System Call Tables

Note

Windows syscall numbers change between Windows versions, so a table must be matched to the exact build