Analyse dynamique de pilotes Windows

Back to the list of Speakers and Sessions

L'objectif principal est de montrer que la recherche de vulnérabilités dans les modules de kernel Windows est à la portée de toute personne enthousiaste équipée d'un laptop capable d'exécuter deux machines virtuelles.

De plus, l'atelier cherche a démontrer que certains modules de kernel Windows, pourtant dûment signés numériquement, peuvent présenter des vulnérabilités relativement facile à trouver .

L'atelier couvrira les points suivants:

  • Configuration du débogage réseau sur la machine virtuelle cible
  • Configuration de WinDBG preview sur la machine virtuelle assignée comme débogeur.
  • Analyse statique d'un module de kernel Windows avec Ghidra
  • Analyse dynamique avec Windbg dans un but de recherche de vulnérabilités.
Participants should prepare by:
  • Knowledge of the hypervisor software they indent to use (VirtualBox, VMWare, KVM)
  • Ability to use command line
  • Access to a compiler and basic knowledge of C code to build the userspace software
  • Knowledge of X86_64 assembly code
Participants must have the following equipment:

Laptop with at least 16GB of ram and 100GB of free storage space to host 2 Windows virtual machines.


Marc-André Labonté ,

Marc-andre Labonte was a system administrator for more than a decade at the McGill Genome Center while it was known as the McGill University and Genome Quebec Innovation Center. There, he took part in the design, deployment, operation and maintenance of the data center as it went through multiple upgrade cycles to accommodate ever powerful high throughput genome sequencers coming to market.

Then, he joined the ETTIC team at Desjardins in 2016 as infrastructure penetration tester. Currently doing vulnerability research on IOT devices, he also presented "Automated contact tracing experiment on ESP Vroom32" workshop at NSEC in 2021. His work is motivated by curiosity and a strong sense of personal privacy in a world of connected devices and data hungry organizations.