YoVDO

The Linux Kernel Hidden Inside Windows 10

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, System Calls Courses, Windows 10 Courses, Attack Surface Analysis Courses

Course Description

Overview

Explore the hidden Linux kernel within Windows 10 in this 52-minute Black Hat conference talk. Dive deep into the implementation of "Project Astoria," which allows Windows to run native, unmodified Linux binaries. Learn about the Ring 0 driver with kernel privileges that enables this functionality, and understand its implications for security, including potential vulnerabilities and attack surfaces. Examine how this new paradigm affects security software, process management, and system calls. Discover the challenges posed by this integration, including the potential for Linux/Android malware to target Windows machines. Gain insights into the internals of this groundbreaking feature, uncovering design flaws and security challenges in Windows 10 Anniversary Update.

Syllabus

Intro
INTRODUCTION
MINIMAL PROCESS
PICO PROCESS
PICO PROVIDERS
PICO PROVIDER SECURITY
WSL COMPONENT OVERVIEW
SYSTEM CALLS
DEVICE OBJECT INTERFACES
BUS INSTANCES
SOCKETS / FILES
BUS IPC MARSHALLING
BUS IPC DATA EXCHANGE
INITIAL ANALYSIS
ATTACK SURFACE ANALYSIS
PROCESS / THREAD NOTIFICATIONS & BEHAVIOR
CONCLUSION


Taught by

Black Hat

Related Courses

Assets, Threats, and Vulnerabilities
Google via Coursera
Attack Surface and Security Implications of eSIM Technology
BruCON Security Conference via YouTube
Simplifying Threat Modeling
LASCON via YouTube
Building an AppSec Program from the Ground Up - An Honest Retrospective
LASCON via YouTube
Analyzing & Breaking QNX Exploit Mitigations and PRNGs for Embedded Systems
Black Hat via YouTube