DefCon 25: Demystifying Windows Kernel Exploitation by Abusing GDI Objects

The talk is about Windows kernel exploitation by abusing GDI objects to gain Elevation of Privileges, and releasing a new GDI object abuse technique by using GDI Palettes. Specifically, MS16-098 affecting Windows 8.1 x64 bits, exploited by abusing Bitmap objects, and MS17-017 affecting Windows 7 SP1 x86, exploited by abusing GDI Palette objects.