COUNTERMEASURE25 Talk

In this talk, we reveal how we discovered over 30 exploitable Microsoft-signed Windows drivers, even on fully patched systems. We detail our reversing method and a flaw in the driver signing process that lets attackers create undetectable, validly signed driver variants.

Rust can be challenging for even experienced reverse engineers. We will reverse a simple Rust malware loader found in the wild with obfuscated strings and a decoy payload, making it a good example for learning Rust reversing concepts like threads, dynamic dispatch, and type recovery.

CVE-2025-29824 is a use-after-free in Windows CLFS that doesn't require tampering with CLFS containers. We discuss the root cause, reliable triggers, how it leads to kernel-level privilege escalation, detection strategies and potential forensic artefacts to monitor in real-world environments.

Windows kernel driver writing may seem like "black magic", but like anything, it can be learned. In this code-packed session, we'll write one (or two) drivers from scratch, demonstrating the tools you need, and the foundations required for such a task.