Explore cutting-edge research on kernel data attacks in Windows and their prevention using MemoryRanger in this 43-minute conference talk from the Hack In The Box Security Conference. Dive into three specific attack methods: Hijacking NTFS structures, Handle Hijacking, and Token Hijacking, which bypass Windows security features like PatchGuard and Device Guard. Learn how MemoryRanger, a hypervisor utilizing VT-x and EPT technologies, effectively counters these threats by isolating and protecting sensitive kernel structures. Gain insights into the technical details of each attack, their impact on file access and privilege escalation, and how MemoryRanger's innovative approach can benefit various cybersecurity solutions. Presented by Dr. Igor Korkin, an experienced security researcher specializing in rootkit detection, memory forensics, and Windows OS kernel security, this talk offers valuable knowledge for cybersecurity professionals and researchers interested in advanced Windows kernel protection techniques.