Abusing the Windows Kernel: How to Crash an Operating System With Two Instructions (NoSuchCon 2013)


  • Language: English
  • Conference: NoSuchCon
  • Location: Paris, France
  • Date: May 2013
  • Speaker(s): Mateusz ‘j00ru’ Jurczyk



The Microsoft Windows NT-family operating systems have gone a long journey throughout the last two decades – from an unstable and extremely insecure environment to a relatively secure system, incorporating numerous effective exploit mitigations against both local and remote attacks. While many would agree that identifying and taking advantage of Local Elevation of Privileges vulnerabilities has since became a more difficult task and now requires specialist knowledge, the presentation will discuss how some of the most core kernel components can be still considered extremely fragile and even useful in practical local attacks, including breaches of widely deployed sandboxing technologies. We will focus on non-trivial quirks, exploitation of certain scenarios and amusing bugs or behaviors that have made it to Windows NT 3.1 and remained unnoticed until Windows 7 or 8, likely with some low- to medium-severity 0-day security flaws mixed in.