SlideShare a Scribd company logo

Subverting Vista Kernel For Fun

‱Download as PPT, PDF‱
‱
G
guestf1a032
Economy & FinanceTechnology
1 of 53
Subverting Vista TM Kernel For Fun And Profit Joanna Rutkowska Advanced Malware Labs SyScan’06 July 21 st , 2006, Singapore & Black Hat Briefings 2006 August 3 rd , 2006, Las Vegas
About this presentation ,[object Object],[object Object]
Content ,[object Object],[object Object],[object Object],[object Object]
Part I – getting into the kernel
Signed Drivers in Vista x64 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How to bypass? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Challenges ,[object Object],[object Object],[object Object],[object Object]
How to force drivers to be paged? ,[object Object],[object Object],[object Object],[object Object]
Eating memory

What could be paged? ,[object Object],[object Object]
Finding a target ,[object Object],[object Object],[object Object],[object Object]
Locating paged code inside pagefile ,[object Object],[object Object],[object Object],[object Object]
How to make sure our shellcode gets executed? ,[object Object],[object Object],[object Object]
Putting it all together ,[object Object],[object Object],[object Object]
DEMO ,[object Object],[object Object],[object Object]
Creating useful shellcodes ,[object Object],[object Object]
DEMO
Possible solutions (1/3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Possible solutions (2/3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Possible solutions (3/3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Bottom line ,[object Object],[object Object],[object Object],[object Object]
Part II – Blue Pill
Invisibility by Obscurity ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Imagine a malware
 ,[object Object],[object Object],[object Object],[object Object]
Blue Pill Idea ,[object Object],[object Object],[object Object]
AMD64 & SVM ,[object Object],[object Object],[object Object],[object Object]
SVM ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The heart of SVM: VMRUN instruction
Blue Pill Idea (simplified)
BP installs itself ON THE FLY! ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SubVirt Rootkit ,[object Object],[object Object]
SubVirt vs. Blue Pill ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Matrix inside another Matrix ,[object Object],[object Object],[object Object],[object Object]
Nested VMs
Detection via timing analysis ,[object Object],[object Object],[object Object],[object Object],[object Object]
Cheating timing analysis ,[object Object],[object Object],[object Object],[object Object]
Time dilatation for guest
Getting the real time

Time profiling in practice ,[object Object],[object Object],[object Object],[object Object]
Blue Pill based malware ,[object Object],[object Object],[object Object],[object Object]
Delusion Backdoor ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Delusion Demo (Blue Pill powered)
Blue Pill detection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Generic BP detection ,[object Object],[object Object],[object Object]
Blue Pill detection ,[object Object],[object Object],[object Object]
Pacifica vs. Vanderpool ,[object Object],[object Object],[object Object],[object Object]
Blue Pill Prevention ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Hardware Red Pill? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Future work ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Bottom line ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
References ,[object Object],[object Object]
Credits ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Thank you! [email_address] check out http://coseinc.com/ for information about available trainings!

Recommended

Android Boot Time Optimization
Android Boot Time OptimizationAndroid Boot Time Optimization
Android Boot Time OptimizationKan-Ru Chen
 
Learning AOSP - Android Booting Process
Learning AOSP - Android Booting ProcessLearning AOSP - Android Booting Process
Learning AOSP - Android Booting ProcessNanik Tolaram
 
Android Custom Kernel/ROM design
Android Custom Kernel/ROM designAndroid Custom Kernel/ROM design
Android Custom Kernel/ROM designMuhammad Najmi Ahmad Zabidi
 
Timings of Init : Android Ramdisks for the Practical Hacker
Timings of Init : Android Ramdisks for the Practical HackerTimings of Init : Android Ramdisks for the Practical Hacker
Timings of Init : Android Ramdisks for the Practical HackerStacy Devino
 
Taishaun_OwnensCNS-533_Lab
Taishaun_OwnensCNS-533_LabTaishaun_OwnensCNS-533_Lab
Taishaun_OwnensCNS-533_LabTaishaun Owens
 
Defeating x64: Modern Trends of Kernel-Mode Rootkits
Defeating x64: Modern Trends of Kernel-Mode RootkitsDefeating x64: Modern Trends of Kernel-Mode Rootkits
Defeating x64: Modern Trends of Kernel-Mode RootkitsAlex Matrosov
 
Android booting sequece and setup and debugging
Android booting sequece and setup and debuggingAndroid booting sequece and setup and debugging
Android booting sequece and setup and debuggingUtkarsh Mankad
 
Modern Bootkit Trends: Bypassing Kernel-Mode Signing Policy
Modern Bootkit Trends: Bypassing Kernel-Mode Signing PolicyModern Bootkit Trends: Bypassing Kernel-Mode Signing Policy
Modern Bootkit Trends: Bypassing Kernel-Mode Signing PolicyAlex Matrosov
 

Recommended

Android Boot Time Optimization
Android Boot Time OptimizationAndroid Boot Time Optimization
Android Boot Time OptimizationKan-Ru Chen
 
Learning AOSP - Android Booting Process
Learning AOSP - Android Booting ProcessLearning AOSP - Android Booting Process
Learning AOSP - Android Booting ProcessNanik Tolaram
 
Android Custom Kernel/ROM design
Android Custom Kernel/ROM designAndroid Custom Kernel/ROM design
Android Custom Kernel/ROM designMuhammad Najmi Ahmad Zabidi
 
Timings of Init : Android Ramdisks for the Practical Hacker
Timings of Init : Android Ramdisks for the Practical HackerTimings of Init : Android Ramdisks for the Practical Hacker
Timings of Init : Android Ramdisks for the Practical HackerStacy Devino
 
Taishaun_OwnensCNS-533_Lab
Taishaun_OwnensCNS-533_LabTaishaun_OwnensCNS-533_Lab
Taishaun_OwnensCNS-533_LabTaishaun Owens
 
Defeating x64: Modern Trends of Kernel-Mode Rootkits
Defeating x64: Modern Trends of Kernel-Mode RootkitsDefeating x64: Modern Trends of Kernel-Mode Rootkits
Defeating x64: Modern Trends of Kernel-Mode RootkitsAlex Matrosov
 
Android booting sequece and setup and debugging
Android booting sequece and setup and debuggingAndroid booting sequece and setup and debugging
Android booting sequece and setup and debuggingUtkarsh Mankad
 
Modern Bootkit Trends: Bypassing Kernel-Mode Signing Policy
Modern Bootkit Trends: Bypassing Kernel-Mode Signing PolicyModern Bootkit Trends: Bypassing Kernel-Mode Signing Policy
Modern Bootkit Trends: Bypassing Kernel-Mode Signing PolicyAlex Matrosov
 
BlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One Story
BlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One StoryBlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One Story
BlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One StoryBlueHat Security Conference
 
Star wind iscsi-san-software-handson-review-1-eng
Star wind iscsi-san-software-handson-review-1-engStar wind iscsi-san-software-handson-review-1-eng
Star wind iscsi-san-software-handson-review-1-engthuragavaripallem
 
How To Build Android for ARM Chip boards
How To Build Android for ARM Chip boardsHow To Build Android for ARM Chip boards
How To Build Android for ARM Chip boardsIndustrial Technology Research Institute (ITRI)(ć·„æ„­æŠ€èĄ“ç ”ç©¶é™ą, 淄研陹)
 
Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...sreeharsha43
 
sponsorAVAST-VB2014
sponsorAVAST-VB2014sponsorAVAST-VB2014
sponsorAVAST-VB2014Martin Hron
 
Defeating x64: The Evolution of the TDL Rootkit
Defeating x64: The Evolution of the TDL RootkitDefeating x64: The Evolution of the TDL Rootkit
Defeating x64: The Evolution of the TDL RootkitAlex Matrosov
 
Backtrack Manual Part2
Backtrack Manual Part2Backtrack Manual Part2
Backtrack Manual Part2Nutan Kumar Panda
 
[Hackito2012] Hardware backdooring is practical
[Hackito2012] Hardware backdooring is practical[Hackito2012] Hardware backdooring is practical
[Hackito2012] Hardware backdooring is practicalMoabi.com
 
BIOS and Secure Boot Attacks Uncovered
BIOS and Secure Boot Attacks UncoveredBIOS and Secure Boot Attacks Uncovered
BIOS and Secure Boot Attacks UncoveredAlex Matrosov
 
[Ruxcon 2011] Post Memory Corruption Memory Analysis
[Ruxcon 2011] Post Memory Corruption Memory Analysis[Ruxcon 2011] Post Memory Corruption Memory Analysis
[Ruxcon 2011] Post Memory Corruption Memory AnalysisMoabi.com
 
Configuration management: automating and rationalizing server setup with CFEn...
Configuration management: automating and rationalizing server setup with CFEn...Configuration management: automating and rationalizing server setup with CFEn...
Configuration management: automating and rationalizing server setup with CFEn...Jonathan Clarke
 
Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3David Pasek
 
580 584
580 584580 584
580 584Editor IJARCET
 
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded DevicesQi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded DevicesNational Cheng Kung University
 
Ch06
Ch06Ch06
Ch06Raja Waseem Akhtar
 
ĐšĐŸĐłĐŽĐ° ĐżŃ€Đ”ĐŽŃ€Đ”Đ»ĐžĐ·ĐœŃ‹Đč ĐœĐ” Ń‚ĐŸĐ»ŃŒĐșĐŸ ŃĐŸŃ„Ń‚
ĐšĐŸĐłĐŽĐ° ĐżŃ€Đ”ĐŽŃ€Đ”Đ»ĐžĐ·ĐœŃ‹Đč ĐœĐ” Ń‚ĐŸĐ»ŃŒĐșĐŸ ŃĐŸŃ„Ń‚ĐšĐŸĐłĐŽĐ° ĐżŃ€Đ”ĐŽŃ€Đ”Đ»ĐžĐ·ĐœŃ‹Đč ĐœĐ” Ń‚ĐŸĐ»ŃŒĐșĐŸ ŃĐŸŃ„Ń‚
ĐšĐŸĐłĐŽĐ° ĐżŃ€Đ”ĐŽŃ€Đ”Đ»ĐžĐ·ĐœŃ‹Đč ĐœĐ” Ń‚ĐŸĐ»ŃŒĐșĐŸ ŃĐŸŃ„Ń‚CEE-SEC(R)
 
OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training The Linux Foundation
 
Smart pos stepbystep-v2-0
Smart pos stepbystep-v2-0Smart pos stepbystep-v2-0
Smart pos stepbystep-v2-0Rawntech Mak
 
IT103Microsoft Windows XP/OS Chap02
IT103Microsoft Windows XP/OS Chap02IT103Microsoft Windows XP/OS Chap02
IT103Microsoft Windows XP/OS Chap02blusmurfydot1
 
Command reference nos-v3_5
Command reference nos-v3_5Command reference nos-v3_5
Command reference nos-v3_5Ploynatcha Akkaraputtipat
 
Svm on cloud (presntation)
Svm on cloud (presntation)Svm on cloud (presntation)
Svm on cloud (presntation)Ghazanfar Latif (Gabe)
 
Probability
ProbabilityProbability
Probabilitynep_test_account
 

More Related Content

What's hot

BlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One Story
BlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One StoryBlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One Story
BlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One StoryBlueHat Security Conference
 
Star wind iscsi-san-software-handson-review-1-eng
Star wind iscsi-san-software-handson-review-1-engStar wind iscsi-san-software-handson-review-1-eng
Star wind iscsi-san-software-handson-review-1-engthuragavaripallem
 
Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...sreeharsha43
 
sponsorAVAST-VB2014
sponsorAVAST-VB2014sponsorAVAST-VB2014
sponsorAVAST-VB2014Martin Hron
 
Defeating x64: The Evolution of the TDL Rootkit
Defeating x64: The Evolution of the TDL RootkitDefeating x64: The Evolution of the TDL Rootkit
Defeating x64: The Evolution of the TDL RootkitAlex Matrosov
 
Backtrack Manual Part2
Backtrack Manual Part2Backtrack Manual Part2
Backtrack Manual Part2Nutan Kumar Panda
 
[Hackito2012] Hardware backdooring is practical
[Hackito2012] Hardware backdooring is practical[Hackito2012] Hardware backdooring is practical
[Hackito2012] Hardware backdooring is practicalMoabi.com
 
BIOS and Secure Boot Attacks Uncovered
BIOS and Secure Boot Attacks UncoveredBIOS and Secure Boot Attacks Uncovered
BIOS and Secure Boot Attacks UncoveredAlex Matrosov
 
[Ruxcon 2011] Post Memory Corruption Memory Analysis
[Ruxcon 2011] Post Memory Corruption Memory Analysis[Ruxcon 2011] Post Memory Corruption Memory Analysis
[Ruxcon 2011] Post Memory Corruption Memory AnalysisMoabi.com
 
Configuration management: automating and rationalizing server setup with CFEn...
Configuration management: automating and rationalizing server setup with CFEn...Configuration management: automating and rationalizing server setup with CFEn...
Configuration management: automating and rationalizing server setup with CFEn...Jonathan Clarke
 
Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3David Pasek
 
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded DevicesQi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded DevicesNational Cheng Kung University
 
ĐšĐŸĐłĐŽĐ° ĐżŃ€Đ”ĐŽŃ€Đ”Đ»ĐžĐ·ĐœŃ‹Đč ĐœĐ” Ń‚ĐŸĐ»ŃŒĐșĐŸ ŃĐŸŃ„Ń‚
ĐšĐŸĐłĐŽĐ° ĐżŃ€Đ”ĐŽŃ€Đ”Đ»ĐžĐ·ĐœŃ‹Đč ĐœĐ” Ń‚ĐŸĐ»ŃŒĐșĐŸ ŃĐŸŃ„Ń‚ĐšĐŸĐłĐŽĐ° ĐżŃ€Đ”ĐŽŃ€Đ”Đ»ĐžĐ·ĐœŃ‹Đč ĐœĐ” Ń‚ĐŸĐ»ŃŒĐșĐŸ ŃĐŸŃ„Ń‚
ĐšĐŸĐłĐŽĐ° ĐżŃ€Đ”ĐŽŃ€Đ”Đ»ĐžĐ·ĐœŃ‹Đč ĐœĐ” Ń‚ĐŸĐ»ŃŒĐșĐŸ ŃĐŸŃ„Ń‚CEE-SEC(R)
 
OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training The Linux Foundation
 
Smart pos stepbystep-v2-0
Smart pos stepbystep-v2-0Smart pos stepbystep-v2-0
Smart pos stepbystep-v2-0Rawntech Mak
 
IT103Microsoft Windows XP/OS Chap02
IT103Microsoft Windows XP/OS Chap02IT103Microsoft Windows XP/OS Chap02
IT103Microsoft Windows XP/OS Chap02blusmurfydot1
 

What's hot (20)

BlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One Story
BlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One StoryBlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One Story
BlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One Story
 
Star wind iscsi-san-software-handson-review-1-eng
Star wind iscsi-san-software-handson-review-1-engStar wind iscsi-san-software-handson-review-1-eng
Star wind iscsi-san-software-handson-review-1-eng
 
How To Build Android for ARM Chip boards
How To Build Android for ARM Chip boardsHow To Build Android for ARM Chip boards
How To Build Android for ARM Chip boards
 
Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...
 
sponsorAVAST-VB2014
sponsorAVAST-VB2014sponsorAVAST-VB2014
sponsorAVAST-VB2014
 
Defeating x64: The Evolution of the TDL Rootkit
Defeating x64: The Evolution of the TDL RootkitDefeating x64: The Evolution of the TDL Rootkit
Defeating x64: The Evolution of the TDL Rootkit
 
Backtrack Manual Part2
Backtrack Manual Part2Backtrack Manual Part2
Backtrack Manual Part2
 
[Hackito2012] Hardware backdooring is practical
[Hackito2012] Hardware backdooring is practical[Hackito2012] Hardware backdooring is practical
[Hackito2012] Hardware backdooring is practical
 
BIOS and Secure Boot Attacks Uncovered
BIOS and Secure Boot Attacks UncoveredBIOS and Secure Boot Attacks Uncovered
BIOS and Secure Boot Attacks Uncovered
 
[Ruxcon 2011] Post Memory Corruption Memory Analysis
[Ruxcon 2011] Post Memory Corruption Memory Analysis[Ruxcon 2011] Post Memory Corruption Memory Analysis
[Ruxcon 2011] Post Memory Corruption Memory Analysis
 
Configuration management: automating and rationalizing server setup with CFEn...
Configuration management: automating and rationalizing server setup with CFEn...Configuration management: automating and rationalizing server setup with CFEn...
Configuration management: automating and rationalizing server setup with CFEn...
 
Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3
 
580 584
580 584580 584
580 584
 
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded DevicesQi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
 
Ch06
Ch06Ch06
Ch06
 
ĐšĐŸĐłĐŽĐ° ĐżŃ€Đ”ĐŽŃ€Đ”Đ»ĐžĐ·ĐœŃ‹Đč ĐœĐ” Ń‚ĐŸĐ»ŃŒĐșĐŸ ŃĐŸŃ„Ń‚
ĐšĐŸĐłĐŽĐ° ĐżŃ€Đ”ĐŽŃ€Đ”Đ»ĐžĐ·ĐœŃ‹Đč ĐœĐ” Ń‚ĐŸĐ»ŃŒĐșĐŸ ŃĐŸŃ„Ń‚ĐšĐŸĐłĐŽĐ° ĐżŃ€Đ”ĐŽŃ€Đ”Đ»ĐžĐ·ĐœŃ‹Đč ĐœĐ” Ń‚ĐŸĐ»ŃŒĐșĐŸ ŃĐŸŃ„Ń‚
ĐšĐŸĐłĐŽĐ° ĐżŃ€Đ”ĐŽŃ€Đ”Đ»ĐžĐ·ĐœŃ‹Đč ĐœĐ” Ń‚ĐŸĐ»ŃŒĐșĐŸ ŃĐŸŃ„Ń‚
 
OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training
 
Smart pos stepbystep-v2-0
Smart pos stepbystep-v2-0Smart pos stepbystep-v2-0
Smart pos stepbystep-v2-0
 
IT103Microsoft Windows XP/OS Chap02
IT103Microsoft Windows XP/OS Chap02IT103Microsoft Windows XP/OS Chap02
IT103Microsoft Windows XP/OS Chap02
 
Command reference nos-v3_5
Command reference nos-v3_5Command reference nos-v3_5
Command reference nos-v3_5
 

Viewers also liked

Support Vector Machine
Support Vector MachineSupport Vector Machine
Support Vector MachineShao-Chuan Wang
 
Android ppt
Android pptAndroid ppt
Android pptPooja Garg
 
Final year project presentation in android application
Final year project presentation in android applicationFinal year project presentation in android application
Final year project presentation in android applicationChirag Thaker
 
Machine Learning using Support Vector Machine
Machine Learning using Support Vector MachineMachine Learning using Support Vector Machine
Machine Learning using Support Vector MachineMohsin Ul Haq
 
Android Project Presentation
Android Project PresentationAndroid Project Presentation
Android Project PresentationLaxmi Kant Yadav
 

Viewers also liked (7)

Svm on cloud (presntation)
Svm on cloud (presntation)Svm on cloud (presntation)
Svm on cloud (presntation)
 
Probability
ProbabilityProbability
Probability
 
Support Vector Machine
Support Vector MachineSupport Vector Machine
Support Vector Machine
 
Android ppt
Android pptAndroid ppt
Android ppt
 
Final year project presentation in android application
Final year project presentation in android applicationFinal year project presentation in android application
Final year project presentation in android application
 
Machine Learning using Support Vector Machine
Machine Learning using Support Vector MachineMachine Learning using Support Vector Machine
Machine Learning using Support Vector Machine
 
Android Project Presentation
Android Project PresentationAndroid Project Presentation
Android Project Presentation
 

Similar to Subverting Vista Kernel For Fun

IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02blusmurfydot1
 
Oleksyk applied-anti-forensics
Oleksyk applied-anti-forensicsOleksyk applied-anti-forensics
Oleksyk applied-anti-forensicsDefconRussia
 
Vxcon 2016
Vxcon 2016Vxcon 2016
Vxcon 2016Kelvin Chan
 
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCsw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCanSecWest
 
Free tools for win server administration
Free tools for win server administrationFree tools for win server administration
Free tools for win server administrationConcentrated Technology
 
Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]RootedCON
 
Pitfalls and limits of dynamic malware analysis
Pitfalls and limits of dynamic malware analysisPitfalls and limits of dynamic malware analysis
Pitfalls and limits of dynamic malware analysisTamas K Lengyel
 
DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)Michael Smith
 
Ch04 system administration
Ch04 system administration Ch04 system administration
Ch04 system administration Raja Waseem Akhtar
 
Rootkit Hunting & Compromise Detection
Rootkit Hunting & Compromise DetectionRootkit Hunting & Compromise Detection
Rootkit Hunting & Compromise Detectionamiable_indian
 
OffensiveCon2022: Case Studies of Fuzzing with Xen
OffensiveCon2022: Case Studies of Fuzzing with XenOffensiveCon2022: Case Studies of Fuzzing with Xen
OffensiveCon2022: Case Studies of Fuzzing with XenTamas K Lengyel
 
Fuzzing_with_Xen.pdf
Fuzzing_with_Xen.pdfFuzzing_with_Xen.pdf
Fuzzing_with_Xen.pdfdistortdistort
 
CloudStack templates with OpenVM
CloudStack templates with OpenVMCloudStack templates with OpenVM
CloudStack templates with OpenVMShapeBlue
 
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch ProtectionsNSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch ProtectionsNoSuchCon
 
VM Forking and Hypervisor-based fuzzing
VM Forking and Hypervisor-based fuzzingVM Forking and Hypervisor-based fuzzing
VM Forking and Hypervisor-based fuzzingTamas K Lengyel
 
UEFI Firmware Rootkits: Myths and Reality
UEFI Firmware Rootkits: Myths and RealityUEFI Firmware Rootkits: Myths and Reality
UEFI Firmware Rootkits: Myths and RealitySally Feller
 
the NML project
the NML projectthe NML project
the NML projectLei Yang
 
How to put 10lbs of functionality into a 5lb package.
How to put 10lbs of functionality into a 5lb package.How to put 10lbs of functionality into a 5lb package.
How to put 10lbs of functionality into a 5lb package.Marc Karasek
 

Similar to Subverting Vista Kernel For Fun (20)

IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02
 
Oleksyk applied-anti-forensics
Oleksyk applied-anti-forensicsOleksyk applied-anti-forensics
Oleksyk applied-anti-forensics
 
Vxcon 2016
Vxcon 2016Vxcon 2016
Vxcon 2016
 
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCsw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
 
Rapidly deploying software
Rapidly deploying softwareRapidly deploying software
Rapidly deploying software
 
Free tools for win server administration
Free tools for win server administrationFree tools for win server administration
Free tools for win server administration
 
Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]
 
Pitfalls and limits of dynamic malware analysis
Pitfalls and limits of dynamic malware analysisPitfalls and limits of dynamic malware analysis
Pitfalls and limits of dynamic malware analysis
 
DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)
 
Ch04 system administration
Ch04 system administration Ch04 system administration
Ch04 system administration
 
Ch04
Ch04Ch04
Ch04
 
Rootkit Hunting & Compromise Detection
Rootkit Hunting & Compromise DetectionRootkit Hunting & Compromise Detection
Rootkit Hunting & Compromise Detection
 
OffensiveCon2022: Case Studies of Fuzzing with Xen
OffensiveCon2022: Case Studies of Fuzzing with XenOffensiveCon2022: Case Studies of Fuzzing with Xen
OffensiveCon2022: Case Studies of Fuzzing with Xen
 
Fuzzing_with_Xen.pdf
Fuzzing_with_Xen.pdfFuzzing_with_Xen.pdf
Fuzzing_with_Xen.pdf
 
CloudStack templates with OpenVM
CloudStack templates with OpenVMCloudStack templates with OpenVM
CloudStack templates with OpenVM
 
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch ProtectionsNSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
 
VM Forking and Hypervisor-based fuzzing
VM Forking and Hypervisor-based fuzzingVM Forking and Hypervisor-based fuzzing
VM Forking and Hypervisor-based fuzzing
 
UEFI Firmware Rootkits: Myths and Reality
UEFI Firmware Rootkits: Myths and RealityUEFI Firmware Rootkits: Myths and Reality
UEFI Firmware Rootkits: Myths and Reality
 
the NML project
the NML projectthe NML project
the NML project
 
How to put 10lbs of functionality into a 5lb package.
How to put 10lbs of functionality into a 5lb package.How to put 10lbs of functionality into a 5lb package.
How to put 10lbs of functionality into a 5lb package.
 

Recently uploaded

Andheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot ModelsAndheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot Modelshematsharma006
 
Call Girls Near Me WhatsApp:+91-9833363713
Call Girls Near Me WhatsApp:+91-9833363713Call Girls Near Me WhatsApp:+91-9833363713
Call Girls Near Me WhatsApp:+91-9833363713Sonam Pathan
 
Lundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfLundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfAdnet Communications
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...makika9823
 
(ćŠžç†ć­ŠäœèŻ)ćŠ æ‹żć€§èšçœć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
(ćŠžç†ć­ŠäœèŻ)ćŠ æ‹żć€§èšçœć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€(ćŠžç†ć­ŠäœèŻ)ćŠ æ‹żć€§èšçœć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
(ćŠžç†ć­ŠäœèŻ)ćŠ æ‹żć€§èšçœć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€S SDS
 
Governor Olli Rehn: Dialling back monetary restraint
Governor Olli Rehn: Dialling back monetary restraintGovernor Olli Rehn: Dialling back monetary restraint
Governor Olli Rehn: Dialling back monetary restraintSuomen Pankki
 
chapter_2.ppt The labour market definitions and trends
chapter_2.ppt The labour market definitions and trendschapter_2.ppt The labour market definitions and trends
chapter_2.ppt The labour market definitions and trendslemlemtesfaye192
 
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdfAdnet Communications
 
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service AizawlVip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawlmakika9823
 
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...Henry Tapper
 
Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170
Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170
Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170Sonam Pathan
 
Bladex 1Q24 Earning Results Presentation
Bladex 1Q24 Earning Results PresentationBladex 1Q24 Earning Results Presentation
Bladex 1Q24 Earning Results PresentationBladex
 
Q3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesQ3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesMarketing847413
 
government_intervention_in_business_ownership[1].pdf
government_intervention_in_business_ownership[1].pdfgovernment_intervention_in_business_ownership[1].pdf
government_intervention_in_business_ownership[1].pdfshaunmashale756
 
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfBPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfHenry Tapper
 
ïŒˆćŠžç†ćŽŸç‰ˆäž€æ ·ïŒ‰QUTæŻ•äžšèŻæ˜†ćŁ«ć…°ç§‘æŠ€ć€§ć­ŠæŻ•äžšèŻć­ŠäœèŻç•™äżĄć­ŠćŽ†èź€èŻæˆç»©ć•èĄ„ćŠž
ïŒˆćŠžç†ćŽŸç‰ˆäž€æ ·ïŒ‰QUTæŻ•äžšèŻæ˜†ćŁ«ć…°ç§‘æŠ€ć€§ć­ŠæŻ•äžšèŻć­ŠäœèŻç•™äżĄć­ŠćŽ†èź€èŻæˆç»©ć•èĄ„ćŠžïŒˆćŠžç†ćŽŸç‰ˆäž€æ ·ïŒ‰QUTæŻ•äžšèŻæ˜†ćŁ«ć…°ç§‘æŠ€ć€§ć­ŠæŻ•äžšèŻć­ŠäœèŻç•™äżĄć­ŠćŽ†èź€èŻæˆç»©ć•èĄ„ćŠž
ïŒˆćŠžç†ćŽŸç‰ˆäž€æ ·ïŒ‰QUTæŻ•äžšèŻæ˜†ćŁ«ć…°ç§‘æŠ€ć€§ć­ŠæŻ•äžšèŻć­ŠäœèŻç•™äżĄć­ŠćŽ†èź€èŻæˆç»©ć•èĄ„ćŠžfqiuho152
 
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance CompanyInterimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance CompanyTyöelĂ€keyhtiö Elo
 
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With RoomVIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Roomdivyansh0kumar0
 
House of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHouse of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHenry Tapper
 

Recently uploaded (20)

Andheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot ModelsAndheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot Models
 
Call Girls Near Me WhatsApp:+91-9833363713
Call Girls Near Me WhatsApp:+91-9833363713Call Girls Near Me WhatsApp:+91-9833363713
Call Girls Near Me WhatsApp:+91-9833363713
 
Lundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfLundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdf
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
 
(ćŠžç†ć­ŠäœèŻ)ćŠ æ‹żć€§èšçœć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
(ćŠžç†ć­ŠäœèŻ)ćŠ æ‹żć€§èšçœć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€(ćŠžç†ć­ŠäœèŻ)ćŠ æ‹żć€§èšçœć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
(ćŠžç†ć­ŠäœèŻ)ćŠ æ‹żć€§èšçœć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
 
Governor Olli Rehn: Dialling back monetary restraint
Governor Olli Rehn: Dialling back monetary restraintGovernor Olli Rehn: Dialling back monetary restraint
Governor Olli Rehn: Dialling back monetary restraint
 
chapter_2.ppt The labour market definitions and trends
chapter_2.ppt The labour market definitions and trendschapter_2.ppt The labour market definitions and trends
chapter_2.ppt The labour market definitions and trends
 
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf
 
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service AizawlVip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
 
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
 
Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170
Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170
Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170
 
Bladex 1Q24 Earning Results Presentation
Bladex 1Q24 Earning Results PresentationBladex 1Q24 Earning Results Presentation
Bladex 1Q24 Earning Results Presentation
 
Q3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesQ3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast Slides
 
government_intervention_in_business_ownership[1].pdf
government_intervention_in_business_ownership[1].pdfgovernment_intervention_in_business_ownership[1].pdf
government_intervention_in_business_ownership[1].pdf
 
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfBPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
 
ïŒˆćŠžç†ćŽŸç‰ˆäž€æ ·ïŒ‰QUTæŻ•äžšèŻæ˜†ćŁ«ć…°ç§‘æŠ€ć€§ć­ŠæŻ•äžšèŻć­ŠäœèŻç•™äżĄć­ŠćŽ†èź€èŻæˆç»©ć•èĄ„ćŠž
ïŒˆćŠžç†ćŽŸç‰ˆäž€æ ·ïŒ‰QUTæŻ•äžšèŻæ˜†ćŁ«ć…°ç§‘æŠ€ć€§ć­ŠæŻ•äžšèŻć­ŠäœèŻç•™äżĄć­ŠćŽ†èź€èŻæˆç»©ć•èĄ„ćŠžïŒˆćŠžç†ćŽŸç‰ˆäž€æ ·ïŒ‰QUTæŻ•äžšèŻæ˜†ćŁ«ć…°ç§‘æŠ€ć€§ć­ŠæŻ•äžšèŻć­ŠäœèŻç•™äżĄć­ŠćŽ†èź€èŻæˆç»©ć•èĄ„ćŠž
ïŒˆćŠžç†ćŽŸç‰ˆäž€æ ·ïŒ‰QUTæŻ•äžšèŻæ˜†ćŁ«ć…°ç§‘æŠ€ć€§ć­ŠæŻ•äžšèŻć­ŠäœèŻç•™äżĄć­ŠćŽ†èź€èŻæˆç»©ć•èĄ„ćŠž
 
🔝+919953056974 🔝young Delhi Escort service Pusa Road
🔝+919953056974 🔝young Delhi Escort service Pusa Road🔝+919953056974 🔝young Delhi Escort service Pusa Road
🔝+919953056974 🔝young Delhi Escort service Pusa Road
 
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance CompanyInterimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
 
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With RoomVIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
 
House of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHouse of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview document
 

Subverting Vista Kernel For Fun