Dive into a technical DEF CON conference talk exploring Microsoft's Sudo for Windows implementation for Windows 11 Insider Preview, focusing on its architecture, process elevation mechanisms, and security implications. Learn about the ALPC service's role in facilitating communication between elevated and non-elevated processes, understand how Rust interfaces with Windows APIs, and examine the intricacies of path resolution for files and relative paths. Discover security vulnerabilities uncovered during the analysis while gaining insights into Windows reverse engineering and Rust memory safety. Though it helps to have knowledge of Windows Inter-Process Communication and heap allocation, the core concepts remain accessible with a basic understanding of process memory organization.
Overview
Syllabus
DEF CON 32 - Sudos and Sudon’ts: Peering inside Sudo for Windows - Michael Torres
Taught by
DEFCONConference