Windows Kernel Patch Protection - Achilles Heel - PatchGuard
Offered By: RSA Conference via YouTube
Course Description
Overview
Explore the critical design flaw in Windows Kernel Patch Protection (PatchGuard) during this 40-minute RSA Conference talk. Delve into PatchGuard's architecture, its role in preventing kernel code modifications, and the intricacies of an attack that exploits this vulnerability to completely disable PatchGuard's response. Learn about the system's checking mechanisms, crash response analysis, and various flaws, including issues with CPU debug registers and code servicing routines. Witness a demonstration of the attack, discuss potential problems and improvements, and gain insights into immediate and future mitigation strategies for enhancing Windows kernel security.
Syllabus
Introduction
About Me
Agenda
Objective
What is PatchGuard
What does PatchGuard check
Response analysis of PatchGuard
What happens after a crash
Flaws
Nonsense
CPU Debug registers
Code
Servicing Routine
Creating the Hook
Stall Routine
Log File Entry
Kernel Address
Demo
Problems and Improvements
What to Do Now
What to Do Next
Taught by
RSA Conference
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network