The Linux Kernel Hidden Inside Windows 10

Black Hat via YouTube

Overview

Explore the hidden Linux kernel within Windows 10 in this 52-minute Black Hat conference talk. Dive deep into the implementation of "Project Astoria," which allows Windows to run native, unmodified Linux binaries. Learn about the Ring 0 driver with kernel privileges that enables this functionality, and understand its implications for security, including potential vulnerabilities and attack surfaces. Examine how this new paradigm affects security software, process management, and system calls. Discover the challenges posed by this integration, including the potential for Linux/Android malware to target Windows machines. Gain insights into the internals of this groundbreaking feature, uncovering design flaws and security challenges in Windows 10 Anniversary Update.

Syllabus

Intro
INTRODUCTION
MINIMAL PROCESS
PICO PROCESS
PICO PROVIDERS
PICO PROVIDER SECURITY
WSL COMPONENT OVERVIEW
SYSTEM CALLS
DEVICE OBJECT INTERFACES
BUS INSTANCES
SOCKETS / FILES
BUS IPC MARSHALLING
BUS IPC DATA EXCHANGE
INITIAL ANALYSIS
ATTACK SURFACE ANALYSIS
PROCESS / THREAD NOTIFICATIONS & BEHAVIOR
CONCLUSION

Taught by

Black Hat
