Trainer Name: Ashfaq Ansari
Title: Windows Kernel Exploitation Foundation & Advanced
Dates: April 5, 2022 To April 7, 2022
Time: 9 a.m. To 5:30 p.m. CEST
Venue: NH Hotel, Alexanderplatz, Berlin-Germany
Note: Regarding COVID-19 safety, Nullcon will seek to ensure a safe event, as the health and safety of our exhibitors, delegates, speakers, and staff will always be our number one priority. Nullcon will follow all applicable health regulations required by the local and government authorities.
This is the combined version of the Windows Kernel Exploitation Foundation & Advanced course. In this course, we will use Windows 10 x64 for all the labs and has a CTF that runs throughout the training.
This course starts with the Foundation course and builds the mindset required for the Advanced course. During this course, students will learn the basics of Windows & driver internals, different memory corruption classes and fuzzing of kernel mode drivers. We will understand pool manager internals in order to groom kernel pool memory for reliable exploitation of pool-based vulnerabilities.
We will also look into how we can bypass kASLR, kLFH, KPTI, and do hands-on exploitation using data-only attack, which effectively bypasses SMEP and other exploit mitigation.
Upon completion of this training, participants will be able to learn:
Training level: Intermediate, Advanced
Day 1 (Foundation)
Day 2 (Advanced)
Day 3 (Advanced)
Upon completion of this training, participants will be able to:
Ashfaq Ansari a.k.a "HackSysTeam", is a vulnerability researcher and specializes in software exploitation. He has authored "HackSys Extreme Vulnerable Driver (HEVD)" which has helped many folks to get started with Windows kernel exploitation. He holds numerous CVEs under his belt and is the instructor of "The Windows Kernel Exploitation" course. His core interest lies in Low- Level Software Exploitation both in User and Kernel Mode, Vulnerability Research, Reverse Engineering, Hybrid Fuzzing, and Program Analysis.
Twitter Handle: @HackSysTeam