Momigari
Overview of the latest Windows OS kernel exploits found in the wild
Boris Larin
@oct0xor
30-May-19
Anton Ivanov
@antonivanovm
$whoweare
Boris Larin
Senior Malware Analyst (Heuristic Detection and Vulnerability Research Team)
Twitter: @oct0xor
Anton Ivanov
Head of Advanced Threats Research and Detection Team
Twitter: @antonivanovm
What this talk is about
1) We will give a brief introduction to how we find zero-day exploits and the challenges we face
2) We will cover three Elevation of Privilege (EoP) zero-day exploits that we found being exploited in the wild
• It is becoming more difficult to exploit the Windows OS kernel
• Samples encountered in the wild (ITW) provide insight into the current state of things and into new techniques
• We will cover in detail the implementation of two exploits for Windows 10 RS4
3) We will reveal the exploitation framework used to distribute some of these exploits
What this talk is about