Abstract

Nikita Tarakanov is an independent information security researcher. He has worked as an IS researcher at Positive Technologies, Vupen Security, CISS, and Intel Corporation. He likes writing exploits, especially for the Windows NT kernel. He won the PHDays Hack2Own contest in 2011 and 2012. He has published several papers about kernel mode drivers and their exploitation. He is currently engaged in reverse engineering research and vulnerability discovery automation.

[Abstract]
==========
Writing a working exploit for a vulnerability is generally challenging, time-consuming, and labour-intensive. To address this issue, automated exploit generation techniques can be adopted. In practice, however, existing techniques exhibit an insufficient ability to craft exploits, particularly for kernel vulnerabilities.

In this talk, we will introduce a new exploitation framework to automate the exploitation of Windows kernel pool overflow/corruption vulnerabilities. Technically speaking, our framework utilizes a kernel pool manipulation technique and various exploitation techniques (some of them are new and have never been published). We demonstrate that this new exploitation framework facilitates exploit crafting in many respects. First, it works on all Windows versions from Windows 7 up to Windows 10 RedStone 4. Second, it bypasses all kernel security mitigations, including Pool Metadata hardening, Object Header TypeIndex encoding, SMEP, and KMCI.

Bonus: Overview of new challenges in automating kernel pool overflow/corruption exploit development in the upcoming Windows 10 RedStone 5.

Slides