Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Analysis of the Attack Surface of Windows 10 Virtualization-Based Security

Black Hat via YouTube

Overview

Explore the intricacies of Windows 10's virtualization-based security (VBS) in this 51-minute Black Hat conference talk. Delve into the VBS implementation details and assess its unique attack surface, focusing on potential vulnerabilities arising from platform complexity, particularly UEFI firmware. Witness demonstrations of actual exploits, including a non-critical bypass of a VBS feature and a critical firmware vulnerability. Gain insights into VBS architecture, Credential Guard, code integrity enforcement, and kernel HVCI bypass. Examine root partition privileges, unfiltered MMCFG access issues, and SMM abuse examples. Enhance your understanding of Windows 10 security architecture and potential attack vectors in this comprehensive analysis presented by Rafal Wojtczuk.

Syllabus

Intro
VBS architecture
Credential Guard architecture
CG RPC interface
CG scenario 2
VBS-enforced code integrity
Kernel HVCI bypass, MS16-066
Necessary support
Root partition privileges
Problem 1-unfiltered MMCFG • MMCFG is a region of physical address space, access
Overlap VTd bars
S4 sleep
SMM abuse example
Questions?

Taught by

Black Hat

Reviews

Start your review of Analysis of the Attack Surface of Windows 10 Virtualization-Based Security

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.