Staying Undetected Using the Windows Container Isolation Framework

DEFCONConference via YouTube

Overview

Explore a DEF CON 31 conference presentation that delves into the Windows Container Isolation Framework and its potential security implications. Learn about the fundamentals of Windows Containers introduced in Windows Server 2016, including process and Hyper-V isolation modes. Understand how the file system separation works in containers, balancing system file access with storage efficiency. Through reverse engineering of the main mini-filter driver, discover how malicious actors could potentially manipulate this framework to bypass EDR (Endpoint Detection and Response) products. Gain insights into why this default Windows technology presents unique security challenges, particularly in its container escape prevention mechanisms. Access an open-source tool developed from the research findings and understand the broader implications for container security in modern Windows environments.

Syllabus

DEF CON 31 - Staying Undetected Using the Windows Container Isolation Framework - Daniel Avinoam

Taught by

DEFCONConference
