The next (May) HackFormers meeting will be held on May 5th, 2017 at the BSides Austin 2017 event/location. It is free and open to all HackFormers and BSides attendees.
PLEASE READ THIS ENTIRE POST BEFORE REGISTERING.
— SPECIAL NOTE —
In order to attend the HackFormers event, you must have a printed parking permit to enter and park in the JJ Pickle campus. NOTE: You do not need to register on the BSides Austin site as was originally communicated. Please print your PARKING PERMIT here
Trainer/Speaker: John deGruyter (@johndegruyter)
Date: May 5th, 2017 (Friday)
Meeting Time: 9:00 am – 12:00 pm. Training followed by the HackFormers talk.
Venue: BSides Austin 2017 location. JJ Pickle Research Center
Address: 10100 Burnet Road, Bldg 137. Austin, TX 78758. (512) 341-7000
Note: This is not the usual Microsoft location; the event is co-located with BSides Austin.
In the Teach Security part of this talk, John will give a technical breakdown of a recently discovered vulnerability in the usbpcap driver (CVE-2017-6178) and show how it can be leveraged to elevate privileges from within the Windows kernel. Details about this hands-on training are given below. In the Teach Christ and Security in Christ part of this talk, John will share on “Evolving Purpose, The (ongoing) Journey of a Hungry Hacker”.
John deGruyter started his professional career in the 90s humping a pack and carrying an M-16 in the United States Marine Corps. Now, he enjoys taking things apart and studying how they work on a low level. His hunger for learning soon developed into a passion for teaching. He is a regular speaker at local security meetups and has written course material and taught as an adjunct professor for The George Washington University.
An overview of the Windows kernel
- Virtual memory
- Privilege levels
- Object manager
- Interacting with drivers and devices
- Analyzing crash dumps and live debugging with WinDbg
Students will be required to bring a laptop running VMware Workstation or VMware Fusion. (The 30-day trial is fine.)
The following virtual machine will be required:
- Windows 8 32-bit, unpatched (a free trial is available here: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-8-enterprise)