A New CVE-2015-0057 Exploit Technology

Recommendations

Info

Part One Introduction
Introduction - About me (yu.wang@fireeye.com) - Background It is worth noting that in 2015 alone, we have repeatedly caught APT class zero-day attacks - all of which target the Win32K subsystem’s User Mode Callback mechanism. This leads us to re-visit this old-school kernel attack surface. This talk will focus on CVE-2015-0057 and the User Mode Callback mechanism.
Page 1: A New CVE-2015-0057 Exploit Technol
Page 5 and 6: Part Two Background of the Vulnerab
Page 7 and 8: Timeline 2015 July December 2016 -
Page 9 and 10: The Old-school Kernel Attack Surfac
Page 11 and 12: Which Object Can Be Used? 1 typedef
Page 13 and 14: tagPROP and InternalSetProp Pseudoc
Page 15 and 16: Two Obstacles 1. The write ability
Page 17 and 18: NCC Group's 32-bit Exploit Method 1
Page 19 and 20: NCC Group's 64-bit Exploit Method 1
Page 21 and 22: Part Four A New CVE-2015-0057 Explo
Page 23 and 24: Obstacles Solutions 1. The full con
Page 25 and 26: Misaligned tagPROPLIST +-> | | | |
Page 27 and 28: Obstacles Solutions 1. Using the Zo
Page 29 and 30: DEMO - A New CVE-2015-0057 Exploit
Page 31 and 32: Other Problems - Heap Data Repair -
Page 33 and 34: Dead Code? 1 /* 2 * update the disp
Page 35 and 36: MS15-010
Page 37 and 38: User32!gSharedInfo
Page 39 and 40: Think Deeply - Win32K subsystem's l
Page 41: Q&A yu.wang@fireeye.com

A New CVE-2015-0057 Exploit Technology

Create successful ePaper yourself

Delete template?

Save as template?