vOPCDE #8 - Scoop the Windows 10 pool! (Corentin Bayet, Paul Fariello)

Scoop the Windows 10 pool!

Heap Overflow are a fairly common vulnerability in applications. Exploiting such vulnerabilities often rely on a deep understanding of the underlying mechanisms used to manage the heap. Windows 10 recently changed the way it managed its heap in kernel land. This presentation aims to review the recent evolution of the heap mechanisms in Windows NT Kernel and to present a new exploitation technique specific to the kernel Pool.

Corentin Bayet, Security Engineer, Synacktiv
Paul Fariello, Security Engineer, Synacktiv

Corentin BAYET is a security researcher at @Synacktiv. He previously worked on Windows Kernel heap exploitation, and is particularly interested in applicative security and low level exploitation. Recently, he started to get interested in hypervisors security, and participated to Pwn2Own 2020 targeting VMware Workstation.

Paul Fariello is a security engineer at Synacktiv. He has interest in security and low level stuff. He started in security as a developer on projects focusing on security. More recently, he worked on VM escape and presented its work in Phrack and at Infiltrate.