If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
In the past few years, many new mitigation techniques were introduced both into Windows kernel and userspace. These are supposed to make exploitation of certain vulnerabilities significantly harder, reduce exploit reliability, and require dependency on multiple primitives. It impacts many of the core components of the OS and build stack, including the loader, front-end allocator, compiler, and memory management. With such investment and impact, how effective are these really, from the exploit developer’s perspective?
In this talk, we’ll explain the primary mitigations in Windows that hinder modern memory corruption exploitation in userspace. Using examples of real-world vulnerabilities, we will see how to achieve arbitrary code execution on different Windows versions, comparing their impact on exploits. On our journey to code execution, we will learn the motivation behind these mitigations, understand their design, scope, and implementation, and study their weaknesses.