Overview
Explore the intricacies of Windows Subsystem for Linux (WSL) in this 25-minute conference talk from Derbycon 2016. Walk through Microsoft's diagram of the driver architecture, focusing on LXCORE's role in providing syscalls. Examine WSL's filesystem structure and learn techniques for identifying WSL environments. Discuss Metasploit payload compatibility and Linux kernel protections within WSL. Analyze cross-process access, including the limitations of Linux processes interacting with Windows processes. Investigate bidirectional access between Linux and Windows environments, as well as cross-user access considerations in WSL. Gain insight into the security implications and potential attack vectors within this hybrid system.
Syllabus
Intro
Overview
Microsoft's Diagram
Driver Architecture - LXCORE Provides the main
Syscalls You Say?
Filesystems - WSL 2 main file systems
Identifying WSL
Metasploit Payload Compatibility
Linux kernel Protections
Cross Process Access - Desirable for an attacker to infect the Linux container or Windows host - Linux processes cannot list Windows processes
Linux - Windows Access
Windows - Linux Access
Cross User Access - WSL Environments are specific to the user who started them
References