HackSys Extreme Vulnerable Driver · vulnerable-app/ •In-house Fuzz testing Infrastructure...

HackSys Extreme Vulnerable DriverBY ASHFAQ ANSARI (@HackSysTeam)

$whoami• Ashfaq Ansari• Security Consultant/Researcher @ Payatu Technologies Pvt. Ltd.

• Interests• Vulnerability Research, Kernel Exploitation, Reverse Engineering, Exploit Development, Program

Analysis, Malware Research, Web Security & Machine Learning

• About Payatu• A boutique security testing company specializing in Iot, Mobile, Cloud - http://www.payatu.com

• HackSys Extreme Vulnerable Driver - http://www.payatu.com/hacksys-extreme-vulnerable-driver/

• Damn Insecure and Vulnerable App for Android - http://www.payatu.com/damn-insecure-and-vulnerable-app/

• In-house Fuzz testing Infrastructure

• Security training in Mobile and IoT exploitation – Blackhat, Brucon, Hack In Paris and Corporate trainings

What is HackSys Extreme Vulnerable Driver?

It is intentionally vulnerable Windows Kernel Driver developed for security enthusiasts to learnand polish their exploitation skills at Kernel level.

HackSys Extreme Vulnerable Driver caters wide range of vulnerabilities ranging from simpleBuffer Overflow to complex Use After Free, Uninitialized Variable and Pool Overflow.

This allows the researchers to explore the different exploitation techniques for everyimplemented vulnerabilities.

Why is HackSys Extreme Vulnerable Driver?

• No proper vulnerable driver to learn exploitation in Kernel mode

• Lack of working exploits

• No proper documentation

• What about source code?

• How do we mitigate the vulnerabilities?

• HackSys Extreme Vulnerable Driver or HackSys Extreme Secure Driver?

Vulnerabilities Implemented

Pool Overflow Use After Free Stack Overflow

Type Confusion Integer OverflowStack Overflow

Uninitialized Variable

Null Pointer Dereference

Arbitrary Memory

Overwrite

HackSys Extreme Vulnerable Driver

Exploitation – Pool Overflow

Exploitation – Use After Free

Exploitation – Arbitrary Overwrite

Exploitation – Integer Overflow

Exploitation – Type Confusion

Exploitation – Challenge – Uninitialized Variable

References

• Blog: http://www.payatu.com/hacksys-extreme-vulnerable-driver/

• Source: https://github.com/hacksysteam/HackSysExtremeVulnerableDriver

Thanks!• Q & A

• Reach me• ashfaq@payatu.com

• @HackSysTeam

• http://hacksys.vfreaks.com/

• https://github.com/hacksysteam

• http://null.co.in/profile/411-ashfaq-ansari

HackSys Extreme Vulnerable Driver · vulnerable-app/ •In-house Fuzz testing Infrastructure...

Documents

UPnProxy: blackhat proxies via NAT injections | Akamai · 2019-11-25 · UPnProxy: Blackhat Proxies via NAT Injections 3 When the device is vulnerable to injection, a simple SOAP/XML

Offensive Techniques Brucon

Blackhat Analytics 2 @ Superweek

PANIC Project - BRUCon 2012 Presentation

Introduction to Blackhat SEO

LSEC - BruCON

Acquisti Faces BLACKHAT Draft

DarkComet Blackhat Presentation 2015_08_05

OSXCollector: Automated forensic evidence collection & analysis for OS X (BruCON 0x07)

Tools for Automated Analysis of Cybercriminal Marketsjkk.name/pub/ · prior to the leak (Blackhat World, Nulled, Antichat, Carders and L33tCrew). Blackhat World. Blackhat World focuses

SamuraiWTF Course Slides v14 - BruCON 2012

SecLists @ BlackHat Arsenal 2015

Valletta - BruCON 2013 - CobraDroid - Hooking Android Applications

BlackHat 2014 - xsssniper

Teaser Brucon 2013 Hacking PDF Training

CobraDroid HOOKING ANDROID APPLICATIONS Jake Valletta BruCON 2013

BruCON Agnitio Workshop

The SEO Blackhat

Mobile Point of Scam: Attacking the Square Reader Conf/Blackhat/2015/us-15... · design ﬂaws, leaving them vulnerable to both third parties and malicious merchants. I. INTRODUCTION

BlackHat Hacking - Hacking VoIP