Study_pdf

这里是我学习Windows内核上参阅过的感觉对自己有用的一些资料，大多是Windows平台上搜集的一些paper，fuzz的话我会逐渐补上，当然是我自己看完了然后觉得有用的才会放上来

Principle

内存池分配机制

Year PDF Content

2011 BlackHat_DC_2011_Mandt_kernelpool-wp Windows 7平台内存池分配原理
Windows kernel提权原理

Year PDF Content

2012 BH_US_12_Cerrudo_Windows_Kernel_WP Windows令牌提权原理
Bypass

Year PDF Content

2015 Windows SMEP bypass U=S SMEP原理及绕过

任意读写技巧

Year	PDF	Content
2015	Abusing GDI for ring0 exploit primitives	滥用Bitmap实现任意读写
2017	Abusing_GDI_for_ring0_exploit_primitives_Evolution_Slides	滥用其他GDI对象实现任意读写
2017	us-17-Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level–Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update-wp	Windows 10上任意读写技巧分析
2017	Windows 10 内核漏洞利用防护及其绕过方法	上一个paper的中文翻译版本

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
.gitattributes		.gitattributes
Abusing GDI for ring0 exploit primitives-2015.pdf		Abusing GDI for ring0 exploit primitives-2015.pdf
Abusing_GDI_for_ring0_exploit_primitives_Evolution_Slides.pdf		Abusing_GDI_for_ring0_exploit_primitives_Evolution_Slides.pdf
BH_US_12_Cerrudo_Windows_Kernel_WP.pdf		BH_US_12_Cerrudo_Windows_Kernel_WP.pdf
BlackHat_DC_2011_Mandt_kernelpool-wp.pdf		BlackHat_DC_2011_Mandt_kernelpool-wp.pdf
README.md		README.md
Windows 10 内核漏洞利用防护及其绕过方法.pdf		Windows 10 内核漏洞利用防护及其绕过方法.pdf
Windows SMEP bypass U=S.pptx		Windows SMEP bypass U=S.pptx
mwri-securitay-2017-samdb-a-window-into-ring0.pdf		mwri-securitay-2017-samdb-a-window-into-ring0.pdf
us-17-Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level–Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update-wp.pdf		us-17-Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level–Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update-wp.pdf