Hands-on Training & Talk - A Windows Kernel Bug Under the Hood (John deGruyter)
Speaker: John deGruyter
Christ Follower, Hungry Hacker, Semper Fi, Trainer, @johndegruyter ...
Venue: JJ Pickle Research Center.
10100 Burnet Road, Bldg 137. Austin, TX 78758
Note: This is not the usual Microsoft location.
Meeting Time for this: 9:00 am - 12:00 pm
PLEASE READ THIS ENTIRE POST BEFORE REGISTERING.
--- SPECIAL NOTE ---
In order to attend the HackFormers event, you must be registered to enter the JJ Pickle campus. HackFormers has been given 30 codes that they can use to register for the BSides entry passes. Only the first 30 registrants to HackFormers will be given the code to register, on a first-come, first-served basis. Once these 30 codes have been issued, the rest will be put on a waiting list and will only be able to attend if someone cancels.
Abstract:
In the Teach Security part of this talk, John will give a technical breakdown of a recently discovered vulnerability in the usbpcap driver (CVE-2017-6178) and show how it can be leveraged to elevate privileges from within the Windows kernel. Details about this hands-on training are given below. In the Teach Christ and Security in Christ part of this talk, John will share on "Evolving Purpose, The (ongoing) Journey of a Hungry Hacker".
Speaker Bio:
John deGruyter started his professional career in the 90s humping a pack and carrying an M-16 in the United States Marine Corps. Now, he enjoys taking things apart and studying how they work on a low level. His hunger for learning soon developed into a passion for teaching. He is a regular speaker at local security meet ups and has written course material and taught as an adjunct professor for The George Washington University.
Training Details:
Understanding the Windows kernel has typically been considered to have a steep learning curve and to be not for the faint of heart. However, many vulnerabilities have surfaced from within the depths of the kernel, proving it to be a lucrative target for attackers. Security researchers who want to move beyond the classroom need to have a solid understanding of what goes on under the hood and behind the scenes. This course is geared toward providing a deeper understanding of how user applications interact with kernel device drivers and the related security implications. We will roll up our sleeves in some hands-on exercises as we break down the different software components.
This training will cover:
- An overview of the Windows kernel
- Virtual memory
- Privilege levels
- Object manager
- Interacting with drivers and devices
- Analyzing crash dumps and live debugging with WinDbg
Required Materials:
Students will be required to bring a laptop running VMware Workstation or VMware Fusion. (The 30-day trial is fine.)
The following virtual machine will be required:
- Windows 8 32-bit, unpatched (a free trial is available here: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-8-enterprise)
To get more information about upcoming meetings and HackFormers, visit http://www.hackformers.org
Twitter: @hackformers
LinkedIn Group: http://www.linkedin.com/groups?gid=4239683