Teach Security, Teach Christ; Teach Security In Christ.

Monthly Archives: April 2017

Hands-on Training & Talk – A Windows Kernel Bug Under the Hood (John deGruyter)

Posted on by Posted in Education, Meetings Leave a comment

The next (May) HackFormers meeting will be held on May 5th, 2017 at the BSides Austin 2017 event/location. It is free and open to all HackFormers and BSides attendees.

PLEASE READ THIS ENTIRE POST BEFORE REGISTERING.
— SPECIAL NOTE —
In order to attend the HackFormers event, you must be have a printed parking permit to enter and park in the JJ Pickle campus. NOTE: You do not need to register in the BSides Austin site as was originally communicated. Please print your PARKING PERMIT here

Trainer/Speaker: John deGruyter ( )
Date: May 5th, 2017 (Friday)
Meeting Time: 9:00 am – 12:00 pm. Training followed by the HackFormers talk.
Venue: BSides Austin 2017 location. JJ Pickle Research Center
Address: 10100 Burnet Road, Bldg 137. Austin, TX 78758. (512) 341-7000 
Note. This is not the usual Microsoft Location and the event is colocated in the same location as the BSides Austin location. 

Link to register for HackFormers event only:

Abstract:
In the Teach Security part of this talk, John will be doing a technical breakdown of a recently discovered vulnerability in the usbpcap driver (CVE-2017-6178) and see how it can be leveraged to elevate privileges from within the windows kernel. Details about this hands-on training is given below. In the Teach Christ and Security in Christ part of this talk, John will share on “Evolving Purpose, The (ongoing) Journey of a Hungry Hacker”.

Speaker Bio:

John deGruyter started his professional career in the 90s humping a pack and carrying an M-16 in the United States Marine Corps. Now, he enjoys taking things apart and studying how they work on a low level. His hunger for learning soon developed into a passion for teaching.  He is a regular speaker at local security meet ups and has written course material and taught as an adjunct professor for The George Washington University.
Training (Workshop) details:
Understanding of the Windows kernel has typically been considered to have a steep learning curve and not for the faint of heart. However, many vulnerabilities have surfaced from within the depths of the kernel proving it to be a lucrative target for attackers. Security researchers who want to move beyond the classroom need to have a solid understanding of what goes on under the hood and behind the scenes. This course is geared toward providing a deeper understanding of how user applications interact with kernel device drivers and the related security implications. We will roll up our sleeves in some hands on exercises as we break down the different software components.
This training will cover:
  • An overview of the Windows kernel
  • Virtual memory
  • Privilege levels
  • Object manager
  • Interacting with drivers and devices
  • Analyzing crash dumps  and live debugging with windbg

Required Materials:
Students will be required to bring a laptop running VMWare Workstation or VMWare Fusion. (The 30 day trial is fine)
The following virtual machine will be required:

Additional software for the Windows 8 VM will be distributed in class.