Aaron Adams & Cedric Halbronn

Windows kernel exploitation training

Aaron Adams & Cedric Halbronn | Senior Researchers at NCC Group
Training Location: Courtyard by Marriott Seoul Namdaemun, Seoul, Korea
Training Title: Windows Kernel Exploitation
Date: June 15th-17th, 2020


Aaron Adams (@fidgetingbits) and Cedric Halbronn (@saidelike) are security researchers in NCC Group’s Exploit Development Group.
They have been exploiting a wide range of targets for the past 15+ years.

At NCC Group they have published work related to the Windows kernel, Samba, Xen, Cisco ASA, etc.


This class will demonstrate the approach an exploit developer or bug hunter should take in attacking a previously unknown component in the Windows kernel.

After detailing the Windows kernel internals applicable to many Windows kernel vulnerabilities, the training focuses primarily on labs that teach what it takes to exploit a real-world vulnerability in a new target component.


* Familiarity with x86/x64 assembly
* C knowledge (reading/writing)
* Userland exploitation on Windows or Linux
* Some familiarity with common memory corruption techniques
* Familiarity with disassemblers (IDA, Ghidra, etc.)
* Familiarity with debuggers (WinDbg, x64dbg, gdb, etc.)

Who should attend

* Reverse engineers
* Exploit developers
* Bug hunters

Hardware/Software requirements

* Base OS: Windows, OS X, Linux
* VMware virtualisation software
* At least 80GB of free disk space
* At least 8GB of RAM
* 2 VMs will be provided: debugger/development VM and vulnerable VM (the host can be used instead of the debugger VM if Windows-based)