
Subverting Trust in Windows - A Case Study of the How and Why of Engaging in Security Research

Offered By: YouTube

Tags

Conference Talks, Cybersecurity, Cryptography, Ethical Hacking, Digital Forensics, PowerShell, Windows Security, Dynamic Analysis

Course Description

Overview

Explore the intricacies of Windows security research in this 49-minute conference talk from DerbyCon 7. Delve into the speaker's journey of subverting trust in Windows, examining the how and why of engaging in security research. Learn about dynamic analysis, signature validation, and cryptographic guarantees for code. Discover insights on PowerShell, SIP, and Device Guard, as well as techniques for bypassing security measures. Gain valuable lessons from the speaker's experiences, including the importance of embracing distractions and shiny objects in security research. Follow the thought process behind investigating the Windows registry, implementing code, and validating trust. Ideal for cybersecurity professionals and enthusiasts interested in Windows security vulnerabilities and research methodologies.

Syllabus

Introduction
What is a typical hacker talk
What this video is about
About me
Technical Meet
Dynamic Analysis
Frustration
Slow Down
Signature validation
Additional tools
Cryptographic guarantees
Digital signatures for code
Who should I trust
Trust no one
Lesson
Demo
My Thought Process
PowerShell
SIP
Investigating
Registry
Windows SDK
Implementation
Get-AuthenticodeSignature
Maybe not
Digital signatures
DB GUI
Device Guard Bypass
More Information
More Tools
My Expected Reaction
How to Validate Trust
Background
Questions
My Approach
My History with PowerShell
Meeting SubT
Meeting Device Guard
Next Steps
Distractions
Embracing shiny objects
Lessons from security research
Thank you

