I ask if the GRU is running Windows 10 in part because of the fanciful indictment of twelve Russians that presumes keylogging on GRU computers.
That, and I saw "Exploiting a Windows 10 PagedPool off-by-one overflow (WCTF 2018)" today.
From the post:
…
My contribution to the above result was a flag for the “Searchme” task authored by Eat, Sleep, Pwn, Repeat. It involved the exploitation of an off-by-one buffer overflow of a PagedPool allocation made by a vulnerable kernel driver loaded in Windows 10 64-bit. Shortly after the CTF, the original author (@_niklasb) published the source code of the driver and the corresponding exploit (see niklasb/elgoog on GitHub and discussion on Twitter), which revealed that my solution was partially unintended. Niklas used the off-by-one to corrupt allocation metadata and performed some pool feng-shui to get overlapping pool chunks. On the other hand, I achieved a similar outcome through a data-only attack without touching any pool metadata, which made the overall exploitation process somewhat simpler. I encourage you to closely analyze Niklas’ exploit, and if you’re interested in my approach, follow along.
If you want to jump straight to the exploit code, find it on GitHub.
…
Beyond my current skill level, but a good example to follow for improving it.
Aside to the GRU: Software compiled by others is untrustworthy. All cases, no exceptions. Consider Linux.