Windows Kernel Exploitation [Basic]
Instructor of the training: Juan Sacco is a security researcher and exploit developer focused on exploit development, reverse engineering, and Windows kernel exploitation. Founder of Exploit Pack. [GitHub] [LinkedIn]
Throughout the course, you will:
- Set up a robust development and debugging environment.
- Develop a minimal Windows software driver and debug it.
- Configure reverse-engineering tools like Ghidra and WinDbg, and synchronise them with RetSync.
- Reverse-engineer drivers to identify and triage vulnerabilities.
The basic training focuses on three primary exploit classes:
- Physical memory primitives
- WRMSR / RDMSR primitives
- Stack overflows
These exploit classes will be used throughout the training to introduce exploitation techniques, bypasses, and evasion. You will also learn about kernel protections and mitigations and how they affect exploitability in modern Windows 11 builds.
Topics included in the Windows Kernel Exploitation [Basic]:
- Windows driver internals, architecture, and debugging
- Building a lab for kernel driver research
- Reverse engineering of 64-bit Windows kernel drivers
- Analysis of vulnerable samples
- Exploit classes and primitives
- Undocumented and documented kernel structures and functions
- User-mode to kernel-mode communication, IRPs, and IOCTLs
- Kernel-mode callbacks
- IRQL, execution context, APCs, and DPCs
- Physical memory, virtual memory, and address translation
- Virtualization-Based Security (VBS) and its security implications
- Kernel protection and mitigation concepts, including kASLR, NX, SMEP, SMAP, kCFG, kCET, PatchGuard, and HVCI
Additionally, we’ll cover protection, filtering, and obfuscation techniques commonly used by software vendors within drivers to restrict or hide IOCTLs.
Hands-on Exercises & Materials
You will practice against real, vulnerable drivers, including:
- Exploit Pack drivers built by the instructors for this course
- Real-world vendor vulnerable samples and exploit templates
As takeaways, participants will receive access to the tools we use for vulnerability discovery and exploit development, including:
- IOCTL++
- Exploit templates
- Plugins for Ghidra, WinDbg, etc.
- Additional tooling and supporting materials
Schedule & Delivery
Format: Pre-recorded videos, learn at your own pace
Content: A total of 4 videos, downloadable tools, and materials
Exercises: Included in the training
Support & Community
During the training, you can access our Discord channel #training to share progress, ask questions, and collaborate with instructors and other participants.
![Windows Kernel Exploitation [Basic]](http://www.exploitpack.com/cdn/shop/files/Tainingadvanced.png?v=1776091740&width=1445)