Kernel-Mode Exploitation

Windows kernel internals and attack surface — the structures, drivers, and subsystems exploited in modern LPEs.

15 pages in this category.

• Windows Kernel Architecture for Exploiters
• CimFS — Composite Image File System
• cldflt.sys — Windows Cloud Files Mini Filter Driver
• CLFS — Common Log File System
• CLFS Authentication Mitigation (HMAC + Merkle Tree)
• DirectX / WDDM Kernel Attack Surface
• Windows I/O Ring — Kernel Internals and Exploitation
• Windows Kernel Streaming — Attack Surface & Vulnerability Research
• Windows Minifilter Drivers
• Kernel Mitigations
• Windows Kernel Pool Internals
• Kernel Exploit Primitives
• Windows TCP/IP Stack Internals (tcpip.sys)
• VTL Secure Calls — NT ↔ Secure Kernel Interface
• Windows Notification Facility (WNF) — Internals & Exploitation