Subverting the Windows Kernel with exploits and rootkits @BSides Frankfurt

At BSides Frankfurt, Juan Sacco (Founder & Lead Developer, Exploit Pack) delivered a deep, technical session on Windows kernel exploitation and driver weaknesses. Juan walked the audience through the journey from initial reconnaissance to stable kernel exploits and shared a practical toolset for hooking and replaying IOCTLs, a powerful aid for kernel researchers.

Key themes:

The evolution of rootkit and kernel exploit development — concepts, tradeoffs and safe testing practices.

Finding vulnerable drivers: creative discovery techniques and vulnerability triage.

Practical exploitation primitives (write-what-where, memory corruption patterns) and how exploit chains are constructed.

Defensive analysis: how modern protections (EDRs, PatchGuard, driver signing) influence attacker techniques — and how defenders can detect, mitigate and harden systems.

Hands-on kernel toolset demo: IOCTL hooking & replay for reproducible vulnerability research.

The slides can be found here: Slides Kernel Exploitation
