Nytro

Understanding and Defeating Windows 8.1 Kernel Patch Protection


Understanding and Defeating Windows 8.1 Kernel Patch Protection: It’s all about gong fu! (part 2)

Andrea Allievi

Talos Security Research and Intelligence Group - Cisco Systems Inc.

aallievi@cisco.com

November 20th, 2014 - NoSuchCon

Who am I

• Security researcher, focused on Malware Research

• Work for Cisco Systems in the TALOS Security Research and Intelligence Group

• Microsoft OSs Internals enthusiast / Kernel system level developer

• Previously worked for PrevX, Webroot and Saferbytes

• Original designer of the first UEFI Bootkit in 2012, and other research projects/analysis

Agenda

0. Some definitions

1. Introduction to Patchguard and Driver Signing Enforcement

2. Kernel Patch Protection Implementation

3. Attacking Patchguard

4. Demo time

5. Going ahead in Patchguard Exploitation

Download: http://www.nosuchcon.org/talks/2014/D2_01_Andrea_Allievi_Win8.1_Patch_protections.pdf
