Win32k.sys is infamous for being the prime target used by hackers for modern exploitation and browser/sandbox escapes on Windows: the driver managing the user and graphics subsystems. With its legacy spanning as far back as NT 4 (released in 1996), there are significant challenges with its security attestation. This talk while touching a bit of Win32k history covering its various design shifts at the expense of security, but will mostly focus on how long standing insecure design were revisited and remediate. In hindsight the talk will give a deeper analysis on various mitigations added in latest Windows release (RS4), resulting in exploits getting more expensive, unreliable and in some cases impossible.

Vishal Chauhan is a Security Engineering Lead in Microsoft Security Response Center (MSRC) team. His background includes deep kernel security expertise and has driven and developed multiple security mitigation approaches in Windows kernel space, including but not limited to Win32k security.

@axsdnied

Back to Derbycon 2018 video list