Windows Kernel Patch Protection - Achilles Heel - PatchGuard

RSA Conference via YouTube

Overview

Explore the critical design flaw in Windows Kernel Patch Protection (PatchGuard) during this 40-minute RSA Conference talk. Delve into PatchGuard's architecture, its role in preventing kernel code modifications, and the intricacies of an attack that exploits this vulnerability to completely disable PatchGuard's response. Learn about the system's checking mechanisms, crash response analysis, and various flaws, including issues with CPU debug registers and code servicing routines. Witness a demonstration of the attack, discuss potential problems and improvements, and gain insights into immediate and future mitigation strategies for enhancing Windows kernel security.

Syllabus

Introduction
About Me
Agenda
Objective
What is PatchGuard
What does PatchGuard check
Response analysis of PatchGuard
What happens after a crash
Flaws
Nonsense
CPU Debug registers
Code
Servicing Routine
Creating the Hook
Stall Routine
Log File Entry
Kernel Address
Demo
Problems and Improvements
What to Do Now
What to Do Next

Taught by

RSA Conference
