This session will look at critical design flaws of Microsoft Windows Hardware Quality Signed (WHQL) drivers and Windows 10's new security and anti-exploit features. A comprehensive walkthrough of attacking the kernel with these drivers and circumventing the exploit mitigations with AMD64 paging abuse will be discussed. In the end, a set of possible mitigations will be proposed.

RSA® Conference, the world’s leading information security conferences and expositions, today concluded its 31st annual event at the Moscone Center in San Francisco. The year’s event attracted over 26,000 attendees, including 600+ speakers, 400+ exhibitors, and over 400 members of the media. Throughout the week, attendees networked on the expo floor and participated in keynote presentations, track sessions, tutorials, seminars, and special events.

Several of the most pressing topics discussed during this year’s Conference included issues surrounding privacy and surveillance, the positive and negative impacts of machine learning and artificial intelligence, the nuances of risk and policy, and cybersecurity-focused innovations across crypto and blockchain.

Defeating Windows Anti-Exploit & Security Features with WHQL Kernel Drivers

Conference: RSA Conference 2022

Abstract

Post a comment

Related work

Windows Kernel Patch Protection - Achilles Heel: PatchGuard

Living Off the Walled Garden: Abusing the Features of the Early Launch Antimalware Ecosystem

Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces

PPLdump Is Dead. Long Live PPLdump!

Breaking VSM by Attacking SecureKernel

Side Channel Attacks in 4G and 5G Cellular Networks