CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Taiwan's Cybersecurity Researchers
701 Vulnerability Research Lab
  • May 6th (Thu)
  • 16:30 - 17:00
  • 7F 701H

It's Okay to be Old Driver

Windows's Privilege Escalation always come to high privilege processes or services exploitation, and the Drivers definitely takes part in this. Usually, one logic error has been found in OEM vendor's driver will make all its product lines suffer from PoE abusing risk. No doubt, there are some problems cause by windows updates and the architecture refracture of developing driver, but most problems cause by code reference (e.g. github clone), this is because to a developer need to make sure the driver fit the standard and will not cause BSoD with resource management, also, several efficiency optimization debugging progress make all developers exhausted. Therefore, security is the last thing to be considered, and usually miss. 

Although Windows Driver exploit research looks like such easy if you prepare the domain knowledge of windows driver, those protect mechanisms (SMEP, KTPI, HyperV & PatchGuard) provide by windows still make exploit research encounter such hard time. This session will go on Windows Driver architecture first to make audience become more easier to understand the driver's problems which I'm going to explain. With several famous instances, we will talk about driver's Downgrade Attack, Unauth-Handle & MSR exploit.


General
Endpoint Security Exploit of VulnerabilitySecure Coding
NotSurprised

NotSurprised

Member, UCCU Hacker

Member of UCCU Hacker, a developer of windows driver, had shared several talks on SITCON 2019, MOPCON 2019 & iThome CyberSec 2020.