Windows SMEP bypass: U=S - Nicolas Alejandro Economou & Enrique Nissim

Published on Jan 21, 2016

Windows SMEP bypass: U=S
Nicolas Alejandro Economou & Enrique Nissim - ekoparty #11 (2015)
With the emergence of Intel's “Supervisor Mode Execution Prevention” (SMEP) feature and its inclusion in Windows 8 as a default exploit mitigation, local kernel exploitation techniques had to be improved to stay up to date. One well-known technique is turning off SMEP by ROPing to disable the 20th bit in the CR4 register. From Windows 2000 to Windows 10, Microsoft "forgot" to randomize the most basic and important structures of the operating system since the Intel 80386 CPU. In this presentation we are going to show how we combined a third-party kernel driver vulnerability with a kernel MMU flaw in order to bypass this security feature on "Windows 10 64 bits" by abusing the paging mechanism.
