DefCon 25: Demystifying Windows Kernel Exploitation by Abusing GDI Objects
The talk is about Windows kernel exploitation by abusing GDI
objects to gain Elevation of Privileges, and releasing a new GDI object abuse
technique by using GDI Palettes. Specifically, MS16-098 affecting Windows 8.1
x64 bits, exploited by abusing Bitmap objects, and MS17-017 affecting Windows 7
SP1 x86, exploited by abusing GDI Palette objects.