ALPChecker: Detecting Spoofing and Blinding Attacks on ALPC - HITB 2023

Explore a cutting-edge security research presentation on detecting spoofing and blinding attacks targeting Windows' Asynchronous Local Procedure Call (ALPC) mechanism. Dive into the vulnerabilities of ALPC, a crucial inter-process communication facility extensively used in Windows. Learn about three new kernel-level attacks on ALPC connections that can spoof and blind security tools without triggering alerts. Discover ALPChecker, a novel security tool designed to detect these kernel mode attacks on ALPC interactions. Gain insights into the detection techniques used by ALPChecker and its potential to enhance Windows system security. Understand the implications of these attacks on Windows management and security tools, and how ALPChecker can help prevent bypassing and disabling of protection mechanisms.