Explore a groundbreaking approach to Windows kernel security in this 51-minute Black Hat conference talk. Delve into the limitations of Windows 10's memory protection features, including Windows Defender Device Guard and PatchGuard, and discover how malware can still exploit vulnerabilities in third-party drivers. Learn about MemoryRanger, an innovative solution that isolates drivers in separate kernel spaces to enhance system security. Gain insights into preventing malware from stealing and modifying allocated memory, as well as blocking attempts to elevate process privileges through EPROCESS patching. Presented by Igor Korkin, this talk offers valuable knowledge for cybersecurity professionals and enthusiasts interested in advanced Windows kernel protection techniques.
Divide et Impera - MemoryRanger Runs Drivers in Isolated Kernel Spaces
Overview
Syllabus
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
Taught by
Black Hat
Related Courses
-
Windows Kernel Patch Protection - Achilles Heel - PatchGuard
-
Kernel Mode Rootkits
-
Kernel Mode Threats and Practical Defenses
-
Data-Only Pwning Microsoft Windows Kernel
-
Ret2dir - Deconstructing Kernel Isolation
-
Social Engineering the Windows Kernel - Finding and Exploiting Token Handling Vulnerabilities
