Overview
Explore the intricacies of the Windows kernel pool in this 39-minute Black Hat conference talk. Delve into the recent changes to the Windows kernel pool structure, transitioning from simple, easily readable designs to a more complex architecture. Examine how these modifications impact assumptions, exploits, tools, and debugger extensions. Investigate the potential new attack surfaces that may have emerged as a result of these changes. Learn about kernel APIs, pre-RS5 structures, RS5 structures, size considerations, segment contexts, heap page segments, ranges, LFH buckets, and exploitation techniques. Discover the implemented mitigations, benefits of the new design, and the concept of the Secure Pool. Gain insights into pool analysis tools and their applications in this evolving landscape of Windows kernel security.
Syllabus
Introduction
What is the kernel pool
Kernel APIs
Before RS5
RS5 Structure
Size Matters
Seg Context
Seg Segments
Heap Page Segment
Ranges
LFH vs
LFH buckets
Exploitation
Mitigations
Benefits
The Secure Pool
Pool Analysis Tools
Conclusion
Taught by
Black Hat