Overview
Explore a groundbreaking approach to Windows kernel security in this 51-minute Black Hat conference talk. Delve into the limitations of Windows 10's memory protection features, including Windows Defender Device Guard and PatchGuard, and discover how malware can still exploit vulnerabilities in third-party drivers. Learn about MemoryRanger, an innovative solution that isolates drivers in separate kernel spaces to enhance system security. Gain insights into preventing malware from stealing and modifying allocated memory, as well as blocking attempts to elevate process privileges through EPROCESS patching. Presented by Igor Korkin, this talk offers valuable knowledge for cybersecurity professionals and enthusiasts interested in advanced Windows kernel protection techniques.
Syllabus
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
Taught by
Black Hat