YoVDO

Living Off the Walled Garden

Offered By: Recon Conference via YouTube

Tags

REcon Conference Courses Windows Security Courses Security Vulnerabilities Courses

Course Description

Overview

Explore the vulnerabilities in Windows' Early Launch Antimalware (ELAM) functionality and Protected Process Light (PPL) services in this 45-minute conference talk from Recon 2022. Delve into the methodology for assessing ELAM drivers and discover how overly-permissive rules can be exploited by adversaries without relying on traditional vulnerabilities. Learn about scenarios where malware can gain anti-tampering protections, hindering detection and remediation efforts. Witness a demonstration of achieving user-mode code execution through an abusable, signed executable running with antimalware-light protection level. Gain insights into why Microsoft labels these security features as "best-effort" and understand the limitations of these defense-in-depth measures.

Syllabus

Recon 2022 - Living Off the Walled Garden


Taught by

Recon Conference

Related Courses

Blockchain Scalability and its Foundations in Distributed Systems
The University of Sydney via Coursera
Don's Introduction to Ethical Hacking for Beginners
Udemy
Hacking und Netzwerkanalyse mit Wireshark - Der Komplettkurs
Udemy
Penetration Testing of Identity, Authentication and Authorization Mechanism
Pluralsight
ASP.NET MVC 5 Identity: Authentication and Authorization
LinkedIn Learning