Exploring vulnerable Windows drivers

Drivers have long been of interest to threat actors, whether they are exploiting vulnerable drivers or creating malicious ones. Vulnerable but legitimately signed drivers, catalogued by the LOLDrivers project, are difficult to detect because they load like any other signed driver, and successfully leveraging one gives an attacker kernel-mode code execution, effectively full control of the system.
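The detection problem above is concrete: a LOLDriver passes signature checks, so the only host-side clues are its identity (hash) and whether the platform mitigations that would have blocked it are switched on. The following PowerShell script is an added example, not code from the talk or from Cisco Talos. It inventories the kernel drivers currently loaded, hashes each driver file, flags any hash found in a known-vulnerable list, and reports the state of Hypervisor-protected Code Integrity (HVCI) and the Microsoft vulnerable driver blocklist. The hash table is a constructed placeholder to be populated from the LOLDrivers project; the path-normalisation rules and the `VulnerableDriverBlocklistEnable` registry value are assumptions about how the inventory is reported on a given build.

```powershell
# Added example (not from the talk or Cisco Talos): hash loaded kernel drivers,
# match them against a known-vulnerable list, and report driver mitigations.

# Constructed placeholder. Populate from https://www.loldrivers.io (lowercase SHA-256 -> name).
$KnownVulnerableSha256 = @{
    '0000000000000000000000000000000000000000000000000000000000000000' = 'placeholder.sys'
}

# Win32_SystemDriver reports PathName in several forms; normalise to a real file path.
# These forms are assumptions about typical output and may need extending on some builds.
function Resolve-DriverPath {
    param([string]$PathName)
    $p = $PathName -replace '^\\\?\?\\', ''                       # \??\C:\...      -> C:\...
    $p = $p -replace '^\\\\\?\\', ''                              # \\?\C:\...      -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$($env:SystemRoot)\"     # \SystemRoot\... -> C:\Windows\...
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }  # relative to %SystemRoot%
    return $p
}

# One object per running driver: path, SHA-256, Authenticode status, and any hit in the list.
function Get-LoadedDriverInventory {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            $hash = $null; $signer = $null; $status = $null; $known = $null
            if (Test-Path -LiteralPath $path) {
                $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLowerInvariant()
                $sig    = Get-AuthenticodeSignature -LiteralPath $path
                $signer = $sig.SignerCertificate.Subject
                $status = $sig.Status
                if ($KnownVulnerableSha256.ContainsKey($hash)) { $known = $KnownVulnerableSha256[$hash] }
            }
            [pscustomobject]@{
                Name            = $_.Name
                Path            = $path
                Sha256          = $hash
                SignatureStatus = $status   # a LOLDriver is typically 'Valid' here
                Signer          = $signer
                KnownVulnerable = $known    # list entry name, or $null
            }
        }
}

# Mitigation state: HVCI blocks unsigned/incompatible kernel code; the blocklist
# refuses to load drivers Microsoft has catalogued as vulnerable.
function Get-DriverMitigationStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    # SecurityServicesRunning contains 2 when HVCI is active.
    $hvci = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))
    # Assumption: the blocklist toggle lives here as a DWORD (1 = enforced). On recent
    # builds the blocklist is on by default, so an absent value is not proof it is off.
    $ci = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        HvciRunning                     = $hvci
        VulnerableDriverBlocklistEnable = $ci.VulnerableDriverBlocklistEnable
    }
}

# Usage: list any loaded driver that matches the list, then show mitigation state.
$inventory = Get-LoadedDriverInventory
$inventory | Where-Object { $_.KnownVulnerable } |
    Format-Table Name, Path, SignatureStatus, Signer, KnownVulnerable -AutoSize
Get-DriverMitigationStatus
```

Run it from an elevated prompt so every driver file can be read. Note what the output teaches: a matched driver will usually show `SignatureStatus = Valid`, which is exactly why signature checks alone do not catch this class of abuse, and why the hash list has to be refreshed regularly, since re-signed or rebuilt variants of the same vulnerable code carry different hashes. HVCI and the blocklist are the platform-side answer to that gap.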

Windows drivers and the kernel can be overwhelming to learn about, as these topics are vast and highly complex. The documentation available on these subjects is daunting and difficult to navigate for newcomers, even for those with programming experience.

This initial hurdle and steep learning curve create a high barrier to entry. To many, the kernel seems to be an arcane and hidden part of the operating system.

Because vulnerable drivers exist and are being abused, there is a need for analysts who can examine them to identify and understand their vulnerabilities. This analysis requires specific knowledge of Windows internals, which can be difficult to acquire.

This presentation will explore vulnerable Windows drivers and their recent use by malicious actors. Attendees will leave with an understanding of vulnerabilities in Windows drivers as well as the operating system mitigations designed to prevent their successful exploitation.

Mr. Vanja Svajcer – Cisco

Vanja Svajcer works as a Technical Leader at Cisco Talos. He is a security researcher with more than 20 years of experience in malware research, cyber threat intelligence and detection development.

Vanja enjoys tinkering with automated analysis systems, reversing binaries and analysing mobile malware. He thinks all the time spent hunting in telemetry data to find new attacks is well worth the effort. He has presented his work at conferences such as Virus Bulletin, RSA, CARO, AVAR, BalCCon and others.