OrangeCon

Jan-Jaap Korpershoek

Jan-Jaap Korpershoek is an experienced ethical hacker working in the Adversary Simulation team at Northwave. He blends his experience in reverse engineering, red teaming and penetration testing to find new and creative ways to test infrastructure and applications. Jan-Jaap holds a bachelor's degree in technical computer science and a master's degree in Cyber Security. He has a broad interest in all things related to computer science and is always up for an interesting challenge.


Session

09-05
12:00
30min
Exploiting the Core: A Deep Dive into Kernel Driver Vulnerability Hunting
Jan-Jaap Korpershoek

In a world where user-mode security is often prioritized, vulnerabilities in kernel drivers pose significant risks and can lead to privilege escalation and other severe system compromises. This presentation offers a thorough guide to identifying and analyzing these vulnerabilities. We will examine the impact of kernel driver vulnerabilities, including their exploitation in real-world attacks and their use by red teams. We will demonstrate methods for building a driver database from diverse sources while filtering for only the most promising drivers.

We will then delve into the most important technical features of kernel drivers, such as user-to-kernel communication, driver architecture, and essential functionality. Finally, we will elaborate on identifying and assessing many common vulnerability types, such as heap overflows, handle leaks, and race conditions. Additionally, we will provide some practical advice on setting up research environments, debugging, and automated analysis to get you set up right away. By the end of the presentation, you'll be equipped to start your own kernel driver vulnerability research. Based on our current results, we expect many vulnerabilities are still to be found!

Track 2
Second track