EBPF ELFs JMPing Through the Windows

Explore the capabilities, security model, and implementation details of eBPF for Windows in this comprehensive Black Hat conference talk. Delve into the eBPF API, trusted static verifier, JIT engine, and kernel implementation of trace hooks and telemetry providers. Uncover vulnerabilities across multiple layers through demonstrations of fuzzing Windows eBPF components and real-time bug discovery. Examine the challenges of exploiting memory corruption in the eBPF implementation on Windows, particularly within the context of Windows Protected Processes. Gain valuable insights into the design and attack surface of this powerful technology, presented by Richard Johnson over the course of 40 minutes.

eBPF ELFs JMPing Through the Windows