45:41 REcon English 2015

This Time Font hunt you down in 4 bytes

In our recent work we also targeted win32k, which seems to be a fruitful target. @promised lu made our own TTF fuzzer, which produced a bunch of results in the form of gigabytes of crashes and various bugs. Fortunately, Windows did great work and in February most of our bugs were dead (patched), but not all of them… What was left looked like seemingly unexploitable kernel bugs with ridiculous conditions. We decided to check them out, and finally combined them with our user-mode bug and EMET bypass. Through IE and Flash we broke down the system and pointed out weak points in the defensive mechanisms. In this talk we will present our research dedicated to the pwn2own event this year. We will describe the kernel part of the exploit in detail, including the bug description, the resulting memory corruption conditions and caveats, up to the final pwn via one of our TTF bugs. Throughout the talk we will describe how to break various exploit mitigations in the Windows kernel and why it is possible. We will introduce novel kernel exploitation techniques breaking everything that stands in the way and bring you SYSTEM exec (from kernel driver to system calc).
  • Published: 2015
  • Publisher: REcon
  • Language: English



