The Immutable Illusion: Pwning Your Kernel with Cloud Files
Threat actors can abuse a class of vulnerabilities to bypass security restrictions and break trust chains.
Security research and Windows internals
Threat actors can abuse a class of vulnerabilities to bypass security restrictions and break trust chains.
Introducing a previously-unnamed class of Windows vulnerability that demonstrates the dangers of assumption and describes unintended security consequences.
Analyzing upcoming improvements to the Windows Code Integrity subsystem that make it harder for malware to tamper with Anti-Malware processes.
Demonstrating that admin-to-kernel exploits are just as dangerous as vulnerable drivers, and MSRC needs to take them seriously.
Demonstrating a flaw that allows attackers to bypass a Windows security mechanism protecting anti-malware products from various forms of attack.
Three benefits that Hardware Stack Protection brings beyond exploit mitigation, plus limitations of the technology.
Detecting Windows Protected Process Light code integrity violations in real time using kernel callbacks and Elastic Security.
Disclosing a new executable image tampering attack that allows malware to evade security products by running deleted executables.
Discussing a userland Windows privilege escalation exploit and providing an open source tool that mitigates it via ACL hardening.