As modern web browsers keep envoling in secuirty, it becomes more and more difficult to break their sandboxes with user-mode bugs. In such situation, in windows system the kernel bugs become more and more popular. In the recent two years, kernel bugs have been heavily used to break browser sandboxes in various contests such as Pwn2Own, PwnFest, and even used in real target attacks. Most of these kernel sandbox-escape bugs exist in the win32k subsystem, for example, the 2 kernel exploits we demonstrated in Pwn2Own 2016.