A Dive into Windows User and Kernel Mode Exploit Mitigations
As a penetration tester, red teamer, or exploit developer, you will often be up against a varying number of exploit mitigations aimed at thwarting your attack. In the past, the majority of these mitigations focused on user mode vulnerabilities; however, the Kernel is now well-protected. There are mature mitigations, such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and Control Flow Guard (CFG), as well as newer mitigations associated with Windows Defender Exploit Guard. We will take a look at the most effective mitigations, and venture into Kernel mitigations such as Virtualization Based Security (VBS) and others.
Stephen Sims began working on computers at a young age with a fellow enthusiast: his father. Amazed by how easy it was to change an application's intended behavior, Stephen was quickly hooked. Today, he's an industry expert with over 15 years of experience in information technology and security. He's authored SANS most advanced course, SEC760: Advanced Exploit Development for Penetration Testers, was the 9th person in the world to earn the GIAC Security Expert certification (GSE), and co-author of the Gray Hat Hacking book series, as well as a keynote speaker who's appeared at RSA USA and APJ, OWASP AppSec, BSides events and more. On top of all this, Stephen is Curriculum Lead for both SANS Cyber Defense and SANS Penetration Testing.
The translated recordings are now available.
- View Bahasa Indonesia Recording (Mendalami Mitigasi Eksploit pada Pengguna Windows dan Mode Kernel)
- View Japanese Recording (Windowsにおけるユーザーモード、カーネルモードの各エクスプロイト対策技術)
- View Korean Recording (윈도우 사용자 및 커널 모드 Exploit Mitigation 파헤치기)
- View Thai Recording (เจาะลึกมาตรการป้องกันการโจมตี User และ Kernel Mode ใน Windows)
- View Vietnamese Recording (Phân tích sâu các biện pháp giảm thiểu khai thác lỗ hổng Chế độ người dùng (User Mode) và Chế độ hạt nhân (Kernel Mode) của Windows)
