2011 Talks

Windows Kernel Vulnerability Research and Exploitation

With the development in recent years of anti-exploitation security measures like ASLR, DEP and Integrity Levels, we're approaching the point where exploiting bugs in the Kernel, where most of these security measures are either absent or easy to overcome, becomes both easier and more reliable than exploiting user-mode code.

In parallel, the introduction of Hardware Acceleration and sophisticated graphics and multimedia features into browsers and other user applications, as well as a general move of more and more code from User to Kernel, increases the number of interfaces between User and Kernel code and provides a much wider attack surface for exploitation.

In this presentation we will:

  • Talk about the differences between Kernel and User exploitation
  • Learn how to find vulnerabilities in the Kernel
  • Present different exploitation techniques and tricks
  • Walk through and demonstrate a previously unpublished (but fixed) Kernel Privilege Escalation exploit.


Speaker: Gilad Bakas

Gilad Bakas has been known for breaking software protections since the age of 13. A master Reverse Engineer and Security Researcher, Gilad spent the last 16 years doing security research, reversing and consulting for a wide range of bodies, on 4 different continents, both private and governmental, and none that would like to be disclosed :-).

Originally from Israel, in 2007 Gilad decided to take advantage of one of the luxuries that come with the profession – the ability to live virtually anywhere in the world, and chose to set his base in the paradise region of Queensland's Sunshine Coast.

Gilad tends to keep to the shadows, where the money is better and the challenge is so much more challenging ;), and Ruxcon 2011 is his first public appearance.

