AlexI
CrowdStrike Falcon®: First Endpoint Protection to Integrate Firmware Attack Detection Capability
Today’s endpoint security solutions have been designed primarily to look at the local operating system (OS) and the applications that reside on top of it, remaining blind to computing layers below the[…]
Chip Flaws Spectre and Meltdown are Actually Three Vulnerabilities and Proving Hard to Mitigate
The latest computer flaws to make global headlines are ominously titled “Spectre” and “Meltdown” and they represent a unique breed of trouble, requiring unprecedented industry collaboration and manual[…]
Solving Intractable Performance Problems Through Vertical Engineering
Owning the Image Object File Format, the Compiler Toolchain, and the Operating System As the Windows kernel continues its quest for ever-stronger security features and exploit mitigations[…]
New Protection Capability of Falcon for Mac: Improving Security With SUIDGuard
A comprehensive Next-Generation Endpoint Protection strategy shouldn’t just be about reacting and responding to threats, but also be complemented by the ability to prevent such threats from successful[…]
Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids’ Pool
The State of Kernel Exploitation The typical write-what-where kernel-mode exploit technique usually relies on either modifying some key kernel-mode data structure, which is easy to do locally on Windo[…]
Protected Processes Part 3: Windows PKI Internals (Signing Levels, Scenarios, Signers, Root Keys, EKUs & Runtime Signers)
In this last part of our series on protected processes in Windows 8.1, we’re going to be taking a look at the cryptographic security that protects the system from the creation or promotion of arbitrar[…]
The Evolution of Protected Processes Part 2: Exploit/Jailbreak Mitigations, Unkillable Processes and Protected Services
In this continuing series on the improvements of the protected process mechanism in Windows, we’ll move on past the single use case of LSASS protection and pass-the-hash mitigation through the Protect[…]
The Evolution of Protected Processes - Part 1: Pass-the-Hash Mitigations in Windows 8.1
It was more than six years ago that I first posted on the concept of protected processes, making my opinion of this poorly thought-out DRM scheme clear in the title alone: “Why Protected Processes Are[…]