In August 2016, the Black Hat USA event was held once again.
The Black Hat Conference is a computer security conference that brings together many people interested in information security. It is attended by representatives of federal agencies and corporations, and by hackers. Briefings take place regularly in Las Vegas, Amsterdam and Tokyo. An event designed specifically for federal agencies is held in Washington, DC.
I bring to your attention the video recording and slides of one of the most interesting talks of the conference, “The Linux kernel hidden inside Windows 10”. The speaker was the well-known computer security researcher Alex Ionescu, one of the authors of the best-selling Windows Internals.
Slides and code listings for Alex Ionescu's talk. Unfortunately, the talk is available only in English.
Summary of the talk
Implemented by Microsoft and first released as Project Astoria, the Linux kernel inside Windows has full support for VFS, BSD Sockets, ptrace, and a bona fide ELF loader. After a short cancellation, it returned in Windows 10 Anniversary Update ("Redstone"), under the guise of Bash Shell interoperability. It can run 100% native, unmodified Linux binaries and access the VDSO!
If you’ve been using your phone’s built-in, loaded-by-default, Ring If you’re not thinking about it, it’s not a problem.
This is not the case. Do these frankenLinux processes show up in security drivers? Do they have PEBs and TEBs? Is there even an EPROCESS? And can a Windows machine now be attacked by Linux/Android malware? How are the Linux system calls implemented and intercepted?
This is a paradigm shift, and it will be a challenge on Windows 10 Anniversary Update ("Redstone") machines.
UPD: I invite those who were hurt by the lack of a Russian translation of the subtitles and video content to take part, instead of an exercise in the comments, in crowdsourcing the translation of this talk. The process takes place on the Notabenoid resource. If you do not have an invite, write to me in a PM.