This talk delves into the discovery of a zero-day vulnerability within a core component of Windows that has long been overlooked. Despite belonging to a vulnerability class that is typically hard to exploit, this flaw impacts all versions from Windows XP to Windows 10, including server editions. It enables local privilege escalation (LPE) from a non-privileged user account, shedding light on the lasting impact of vulnerabilities deemed less critical.
Throughout the presentation, attendees will gain insight into the macro-category of this vulnerability, its inherent constraints, and the limitations surrounding its exploitation. Emphasizing offensive strategies and kernel-level driver exploitation, the talk will explore the intricate details of kernel structures and memory layouts utilized by the exploit. Special focus will be placed on the shellcode employed for privilege escalation.
By providing practical examples and demonstrations, the presentation highlights how seemingly non-critical vulnerabilities can have a significant impact, particularly in the right environment. Security implications and potential countermeasures to mitigate the risk will also be discussed, empowering developers and system administrators to address vulnerabilities effectively.
This talk offers a unique opportunity for security enthusiasts and professionals to understand the complexities of kernel-level vulnerabilities and exploitation techniques in legacy Windows environments, reinforcing the importance of ongoing vigilance and proactive security measures.
Paolo Stagno (aka VoidSec) has worked as a Penetration Tester for a wide range of clients, including top-tier international banks, major tech companies and Fortune 1000 companies across various industries.
He worked as a Vulnerability Researcher and Exploit Developer for Exodus Intelligence, where he was responsible for discovering and exploiting unknown vulnerabilities (zero days) in Windows OS, enterprise applications, network infrastructure components, IoT devices, new protocols, and technologies.
He is now the Director of Research at Crowdfense, focused on Windows OS offensive application security (kernel and user-land). He enjoys understanding our digital world, disassembling, reverse engineering and exploiting complex products and code.
In his own research, he discovered various vulnerabilities in the software of multiple vendors and tech giants such as eBay, Facebook, Google, HP, McAfee, Microsoft, Oracle, PayPal, VMware and many others.
Since the beginning of his career, he has enjoyed sharing his expertise with the security community through his website (voidsec.com). He is also an active speaker in various security conferences around the globe like HITB, Typhooncon, Hacktivity, SEC-T, Droidcon, HackInBo, M0leCon, TOHack and Meethack.