A Dive into Windows User and Kernel Mode Exploit Mitigations

  • Wednesday, 10 Aug 2022 11:30AM SST (10 Aug 2022 03:30 UTC)
  • Speaker: Stephen Sims

As a penetration tester, red teamer, or exploit developer, you will often be up against a varying number of exploit mitigations aimed at thwarting your attack. In the past, the majority of these mitigations focused on user mode vulnerabilities; however, the Kernel is now well-protected. There are mature mitigations, such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and Control Flow Guard (CFG), as well as newer mitigations associated with Windows Defender Exploit Guard. We will take a look at the most effective mitigations, and venture into Kernel mitigations such as Virtualization Based Security (VBS) and others.

Stephen Sims began working on computers at a young age with a fellow enthusiast: his father. Amazed by how easy it was to change an application's intended behavior, Stephen was quickly hooked. Today, he's an industry expert with over 15 years of experience in information technology and security. He's authored SANS most advanced course, SEC760: Advanced Exploit Development for Penetration Testers, was the 9th person in the world to earn the GIAC Security Expert certification (GSE), and co-author of the Gray Hat Hacking book series, as well as a keynote speaker who's appeared at RSA USA and APJ, OWASP AppSec, BSides events and more. On top of all this, Stephen is Curriculum Lead for both SANS Cyber Defense and SANS Penetration Testing.

The translated recordings are now available.