Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Kernel Mode Threats and Practical Defenses

Black Hat via YouTube

Overview

Explore kernel mode threats and practical defense strategies in this Black Hat conference talk. Delve into the evolution of OS security measures by Microsoft, including PatchGuard, Driver Signature Enforcement, and SecureBoot, and their impact on commodity kernel mode malware. Examine how advanced attackers bypass these protections and continue to leverage kernel mode malware. Learn about first-generation kernel threats, boot kits, and Secure Boot. Investigate Dooku Threats, Double Pulsar, and Hypervisor Code Integrity. Analyze implant design, including the Turla Driver Loader, and explore data-driven attacks, code reuse attacks, and kernel stack hooking. Discover techniques for hunting in the kernel, detecting threats like Double Pulsar, and implementing real-time detection. Evaluate the weaknesses and limitations of Windows platform security, and gain insights into improving your defensive tradecraft against kernel mode threats.

Syllabus

Introduction
Why this talk
First generation kernel threats
Microsofts defenses
Boot Kits
Secure Boot
Dooku Threats
Double Pulsar
Hypervisor Code Integrity
Red vs Blue
Implant Design
Turla Driver Loader
Improving our tradecraft
Datadriven attacks
Code reuse attacks
Kernel stack hooking
Calling a function
Readwrite primitive
Demo
Blacklist of known exploitable drivers
How to hunt in the kernel
Page table remapping
Detecting double pulsar
Realtime detection
Weaknesses
Windows
Microsoft
Weaknesses Limitations
Recap
Windows Platform Security

Taught by

Black Hat

Reviews

Start your review of Kernel Mode Threats and Practical Defenses

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.