Living Off the Walled Garden
Offered By: Recon Conference via YouTube
Course Description
Overview
Explore the vulnerabilities in Windows' Early Launch Antimalware (ELAM) functionality and Protected Process Light (PPL) services in this 45-minute conference talk from Recon 2022. Delve into the methodology for assessing ELAM drivers and discover how overly-permissive rules can be exploited by adversaries without relying on traditional vulnerabilities. Learn about scenarios where malware can gain anti-tampering protections, hindering detection and remediation efforts. Witness a demonstration of achieving user-mode code execution through an abusable, signed executable running with antimalware-light protection level. Gain insights into why Microsoft labels these security features as "best-effort" and understand the limitations of these defense-in-depth measures.
Syllabus
Recon 2022 - Living Off the Walled Garden
Taught by
Recon Conference
Related Courses
Blockchain Scalability and its Foundations in Distributed SystemsThe University of Sydney via Coursera Don's Introduction to Ethical Hacking for Beginners
Udemy Hacking und Netzwerkanalyse mit Wireshark - Der Komplettkurs
Udemy Penetration Testing of Identity, Authentication and Authorization Mechanism
Pluralsight ASP.NET MVC 5 Identity: Authentication and Authorization
LinkedIn Learning