Attack on the Core presented at NoSuchCon 2014

by Peter Hlavaty,

Summary : Kernel vulnerabilities was commonly used to obtain admin privileges, and main rule was to stay in kernel as small time as possible! But nowdays even when you get admin / root then current operating systems are sometimes too restrictive. And that made kernel exploitation nice vector for installing to kernel mode!
In this talk we will examine steps from CPL3 to CPL0, including some nice tricks, and we end up with developing kernel mode drivers.
Peter (@zer0mem) is a security researcher at KEEN Team (@K33nTeam) and his primary focus is kernel exploitation. Peter has 4+ years’ experience at IT security in different areas as malware research, developing anti-APT solutions or windows kernel dev & research.