DriverJack: Turning NTFS and Emulated ROFs into an Infection

DEFCONConference via YouTube

Overview

Watch this 47-minute DEF CON conference talk exploring sophisticated cyberattack methodologies and security vulnerabilities in Windows systems. Dive deep into attack deployment techniques targeting simulated read-only filesystems and NTFS vulnerabilities, examining how threat actors have adapted since the 2011 Windows security architecture updates including Driver Signature Enforcement (DSE) and Hypervisor-protected Code Integrity (HVCI). Learn about a novel exploitation method leveraging weaknesses in emulated filesystems for covert malware installation, newly discovered NTFS vulnerabilities enabling attacker persistence, and alternative approaches to usermode malware delivery and execution. Gain valuable insights into relevant Indicators of Compromise (IOCs) for detecting and identifying these attack patterns.

Syllabus

DEF CON 32 - DriverJack Turning NTFS and Emulated ROFs into an Infection - Alessandro Magnosi

Taught by

DEFCONConference
