Fooling Windows Through Superfetch

Black Hat via YouTube

Overview

Explore the intricacies of the Windows Superfetch service and its implications for privacy and security in this 41-minute Black Hat conference talk. Delve into the inner workings of Superfetch, a Windows service designed to enhance user experience by predicting and preloading frequently used applications and files. Discover how this seemingly helpful feature creates a detailed record of user activity, potentially exposing sensitive information to forensic analysis. Learn about the various components of Superfetch, including scenario files, database structures, and caching mechanisms. Examine the privacy concerns raised by this service and understand how it can be exploited by malicious actors or government agencies. Follow the presenters as they outline a roadmap for manipulating Superfetch, offering insights into both the risks and potential countermeasures. Gain valuable knowledge about often-overlooked aspects of Windows system behavior and their impact on digital forensics and user privacy.

Syllabus

Intro
The service SysMain
Optimizing the boot
Mechanism memory paging
Mechanism reducing memory operations
Agent Context (AgCx)
Types of Superfetch tasks
Database files: generalities
Database reading process
Scenario files: generalities
Scenario files: construction
Scenario files: names
Scenario files: content
The cache files
What about the content of the file?
Exploit the scenarios
The roadmap to fool SysMain
The solution

Taught by

Black Hat
