Windows Kernel Exploitation [Advanced]
Instructor of the training: Juan Sacco is a security researcher and exploit developer focused on exploit development, reverse engineering, and Windows kernel exploitation. Founder of Exploit Pack.
This course is an advanced training focused on modern Windows kernel exploitation. It builds on vulnerability discovery [basic training] and moves into exploitation [advanced training], including exploit primitives, kernel objects, pool behavior, data-only attacks, table hijacking, and code-execution tradecraft under modern protections such as VBS, HVCI, and kCET.
Throughout the course, you will learn:
- Go from vulnerability triage [Basic training] to practical exploitation [Advanced training]
- Understand kernel pool internals, allocation behavior, tracing, and pool-based abuse
- Kernel structures that are useful in kernel exploitation
- Virtual and physical memory translation
- Table hijacking and data-only attack techniques
- Understand the Data-Only Gadget (DOG) technique
- Achieve code execution under VBS/HVCI
Topics included in the Windows Kernel Exploitation [Advanced] training:
- Exploitation of complex Windows kernel vulnerability classes
- Kernel pool internals, allocation behavior, and pool-based exploitation concepts
- Kernel objects, handle tables, access tokens, and privilege escalation primitives
- Data-only attack techniques and Data-Only Gadget (DOG) techniques
- Table hijacking techniques: IDT, MSR, SSDT, GDT, and IRP-related structures
- Kernel code execution under VBS/HVCI/kCET environments
- Physical memory, virtual memory, and address translation in exploitation contexts
- Bypassing or weakening kernel-mode exploit mitigations and integrity protections, including kASLR, NX, SMEP, SMAP, kCFG, kCET, PatchGuard, and HVCI
- Credential Guard, LSASS, and related protection mechanisms
Required prior knowledge
Before taking this training, you should already have a solid foundation in Windows exploitation or vulnerability research and be confident using debuggers during analysis. The Windows Kernel Exploitation [Basic] training covers all the requirements for this advanced training.
Hands-on Exercises & Materials
You will practice against real, vulnerable drivers, including:
- Exploit Pack drivers built by the instructors for this course
- Real-world vendor vulnerable samples and exploit templates
As takeaways, participants will receive access to the tools we use for advanced vulnerability discovery and exploit development, including:
- IOCTL++
- Exploit templates
- Plugins for Ghidra, WinDbg, etc.
- Additional tooling and supporting materials
Schedule & Delivery
Format: Pre-recorded videos; learn at your own pace
Content: A total of 4 videos, downloadable tools, and materials
Exercises: Included in the training
Support & Community
During the training, you can access our Discord channel #training to share progress, ask questions, and collaborate with instructors and other participants.
![Windows Kernel Exploitation [Advanced]](http://www.exploitpack.com/cdn/shop/files/37f310f4-4842-40b7-8343-67ca71955d13.png?v=1776092228&width=1445)