logo

Defeating Windows Anti-Exploit & Security Features with WHQL Kernel Drivers

Conference:  RSA Conference 2022

2022-06-06

Abstract

This session will look at critical design flaws of Microsoft Windows Hardware Quality Signed (WHQL) drivers and Windows 10's new security and anti-exploit features. A comprehensive walkthrough of attacking the kernel with these drivers and circumventing the exploit mitigations with AMD64 paging abuse will be discussed. In the end, a set of possible mitigations will be proposed.

Materials:

Tags: