Explore the security landscape of Windows 10 in this 50-minute conference talk presented by James Forshaw at the 44CON Information Security Conference. Delve into the advanced security features of Windows 10, such as Control Flow Guard and Credentials Isolation, while examining the potential vulnerabilities that accompany these new additions. Gain insights into the challenges of secure engineering as Forshaw dissects local system vulnerabilities, service privilege levels, and isolated user mode. Analyze the security measures implemented in Microsoft Edge, including its handling of Flash content. Investigate User Account Control (UAC) mechanisms, focusing on auto-elevation processes and directory checks. Learn about Windows symbolic links, Win32k hardening, and process silos. Discover how changes in device object handling and root object directory replacement impact system security. Conclude with a public service announcement and reflections on the ongoing complexities of maintaining a secure operating system.
Overview
Syllabus
Intro
What I'm Going to Talk About
Local System Vulnerabilities are Dead!
System Services and Drivers
Service Privilege Levels
Service Start Mode
Accessible Device Objects
Isolated User Mode
Isolated LSASS
Edge Browser
Microsoft Edge Security
Microsoft Edge and Flash
User Account Control
UAC Auto Elevation Directory Check
Folder Permissions
Elevated Token Impersonation
If You Change Task Manager Needs a Prompt
Windows Symbolic Links
Mitigated in Sandboxes
Win32k Hardening
User Mode Font Driver
Process Silos
Opening Device Object
Replace the Root Object Directory
Public Service Announcement
Conclusions
Good Old Issue 222
Taught by
44CON Information Security Conference
