Ashfaq Ansari, a.k.a. “HackSysTeam”, is a vulnerability researcher who specializes in software exploitation. He authored “HackSys Extreme Vulnerable Driver (HEVD)”, which has helped many people get started with Windows kernel exploitation. He has numerous CVEs under his belt and is the instructor of the “Windows Kernel Exploitation” course. His core interests lie in low-level software exploitation in both user and kernel mode, vulnerability research, reverse engineering, hybrid fuzzing and program analysis.
This training is the upgraded version of the Windows Kernel Exploitation Foundation course. We will use Windows 10 RS4 x64 for all the labs, and a CTF runs throughout the training.
This course starts with the changes in Windows 10 RS4, Windows internals, and hands-on fuzzing of Windows kernel mode drivers. We will then study pool manager internals in order to groom kernel pool memory from user mode for reliable exploitation of pool-based vulnerabilities.
We will look at how to bypass kASLR using kernel pointer leaks, and do hands-on exploitation using a data-only attack, which effectively bypasses SMEP and other exploit mitigations.
Upon completion of this training, participants will be able to:
- Learn basics of Windows internals
- Understand how to fuzz Windows kernel mode drivers to find vulnerabilities
- Learn the exploit development process in kernel mode
- Understand how to groom kernel pool from user land
- Get comfortable with Windows kernel debugging
Prerequisites
- Basic operating system concepts
- Good understanding of user mode exploitation
- Basics of x86/x64 Assembly and C/Python
What students should bring
- 8 GB Flash drive
- A laptop capable of running two virtual machines simultaneously (8 GB+ of RAM)
- 40 GB free hard drive space
- VMware Workstation/Player installed
- Everyone should have Administrator privileges on their laptop