Inside Microsoft's Plan to Kill PPLFault

Analyzing upcoming improvements to the Windows Code Integrity subsystem that make it harder for malware to tamper with Anti-Malware processes.

Forget Vulnerable Drivers - Admin Is All You Need

Demonstrating that admin-to-kernel exploits are just as dangerous as vulnerable drivers, and MSRC needs to take them seriously.

Sandboxing Antimalware Products for Fun and Profit

Demonstrating a flaw that allows attackers to bypass a Windows security mechanism protecting anti-malware products from various forms of attack.

Finding Truth in the Shadows

Three benefits that Hardware Stack Protection brings beyond exploit mitigation, plus limitations of the technology.

Detecting and Blocking Unknown KnownDlls

Detecting Windows Protected Process Light code integrity violations in real time using kernel callbacks and Elastic Security.

Protecting Windows Protected Processes

Discussing a userland Windows privilege escalation exploit and providing an open source tool that mitigates it via ACL hardening.