

Windows Kernel Exploitation for Red Team Operators

“Windows Kernel Exploitation for Red Team Operators” will provide a detailed, highly technical guide on how to exploit Windows kernel drivers in the context of red team operations. With more and more EDRs moving away from userland hooks and towards kernel telemetry (EtwTi, Callbacks), red teams must adapt to overcome those challenges. This talk will be the stepping stone into kernel exploitation, covering a lot of ground to enable red team operators to dive into this highly complex but rewarding topic. Attendees of this talk will take away valuable knowledge:

Windows Internals: Gain a solid foundation of the Windows architecture and how its kernel functions. This knowledge is crucial for identifying and exploiting system vulnerabilities. During the talk I will briefly cover the system components, virtual memory and more.
Interacting with Windows Drivers: To exploit a driver, we must first learn how drivers work and how to interact with them. During this section attendees will learn about the Windows Driver Model and its implications for exploitation.
Exploiting Write-What-Where Vulnerabilities: We will look at a recent vulnerability in the Echo Anti-Cheat software discovered by a group of researchers to show the impact of write-what-where vulnerabilities. The talk will include demonstrations for both privilege escalation and blinding EDR scenarios.