In this talk, alex ionescu, lead kernel developer for the reactos project since 2004 and recently returning after a long hiatus will talk about the. Wsl windows subsystem for linux introduced in windows 10 lets you execute linux binaries natively on windows lxcore. Alex s experience in os design and kernel coding dates back to his early adolescence when he first played with john fines educational os. Blackhat is a 2015 american action thriller film produced and directed by michael mann and starring chris hemsworth, tang wei, viola davis, holt mccallany, and wang leehom. Chief architect at crowdstrike, alex ionescu is a worldclass security architect and expert in lowlevel system software, kernel development, security training and reverse engineering. What this talk is about the microsoft hypervisor hypervviridian was introduced almost a decade ago. Analysis of the attack surface of windows 10 virtualizationbased security rafal wojtczuk, 31 july 2016 abstract in windows 10, microsoft introduced virtualizationbased security vbs, the set of security solutions. All of these people deserve massive kudos for providing so much technical information publicly. He was a coauthor of the windows internals series for the last two editions. Bio vice president of edr strategy at crowdstrike, a security startup previously worked at apple on ios core platform team coauthor of windows internals 5th and 6th editions reverse engineering nt since 2000. A read is counted each time someone views a publication summary such as the title, abstract, and list of authors, clicks on a figure, or views or downloads the fulltext. Infiltrate 2015 blackhat 2016, 2015, 20, 2008 syscan 2015 2012, nosuchcon 201420, breakpoint 2012.
Virtual secure mode sappuie sur lhyperviseur hyperv 5. Alex ionescu chief architect at crowdstrike, alex ionescu is a worldclass security architect and expert in lowlevel system software, kernel development, security training and reverse engineering. The linux kernel hidden inside windows 10 techtalk by alex ionescu at blackhat usa 2016 slides for the presentation. Detailed, yet concise abstract defines a problem and offers a solutions that will be examined during session in windows 10, microsoft is introducing a radical new concept to the underlying. Published on dec 27, 2015 by alex ionescu in windows 10, microsoft is introducing a radical new concept to the underlying os architecture, and likely the biggest change to the nt design since the.
Black hat built by and for the global infosec community returns to las vegas for its 18 th year. Windows 8 heap internals final black hat briefings. Ms mesa radionica pdf press is currently in talks with contributors. Windows 8 security and arm breakpoint 2012 security. Alex ionescu is the vice president of endpoint engineering and founding chief architect at crowdstrike, inc. The linux kernel hidden inside windows 10 slideshare. Malicious application compatibility shims black hat. A curated list of hyperv exploitation resources, fuzzing and vulnerability research.
This was planned to be a 7 part series but unfortunately ionescu stopped after the fourth post. Alex ionescu is the vice president of edr strategy at crowdstrike, inc. Technicallyoriented pdf collection papers, specs, decks, manuals, etc tpnpdfs. Windows internals 7th edition epub 32 download 94c4778406 ebook deal of the week. As a worldclass security architect and consultant expert in lowlevel system software, kernel development, security training, and reverse engineering, he is coauthor of the last three editions of the windows internals series, along with andrea allievi, mark russinovich, and. This six day event begins with four days of intense trainings for security practitioners of all levels august 14 followed by the twoday main event including over 100 independently selected briefings, business hall, arsenal, pwnie awards, and more august 56. About us joe desimone senior malware researcher interests include offensive security research, reverse engineering, threat intelligence, and development of endpoint protections. Seven months prior to the ms15001 patch, a forensics expert named chris graham published a blog post titled, shimming your way past uac. One of the papers i used extensively was tarjei mandts win32k. The linux kernel hidden inside windows 10 alex ionescu s blog reverse engineering nt since 2000 main kernel developer of reactos. Segmentation vestigial part of the x86 architecture now that everything leverages paging small role in 64bit mode ia32eamd64 just like the idt, the gdt is setup by the. Buy here this offer expires on sunday, november 5 at 7. These tools are still in poc stage which we hope the community can use to build more mature and better tools.
The interesting thing here is that wnf stand for windows notification facility and is the notification system within the windows os. Infiltrate 2015 blackhat 2015, 20, 2008 syscan 2015 2012, nosuchcon 201420, breakpoint 2012 recon 20142010, 2006 for more info, see. Chief architect at crowdstrike, a security startup previously worked at apple on ios core platform team coauthor of windows internals 5th and 6th editions reverse engineering nt since 2000 main kernel developer of reactos instructor of worldwide windows internals classes conference speaking. Every year thousands of security professionals descend upon las vegas to learn the latest and greatest offensive and defensive infosec techniques.
Guide kernel mode drivers info for anticheat bypass. So it seems that the task scheduler is capable of subscribing to event and launch task against it. The battle of skm and ium blackhat 2015 alex ionescu analysis of the attack surface of windows 10 virtualizationbase security blackhat 2016 rafal. Until i came across a blackhat conference by alex ionescu and gabrielle viala where they explain what wnf is. Dance like nobodys watching encrypt like everyone is. The linux kernel hidden inside windows 10 techtalk by. Bio vice president of edr strategy at crowdstrike, a security startup. Alex is also very active in the security research community, discovering and reporting several vulnerabilities related to the windows kernel and presenting talks at conferences such as blackhat and recon. Hooking nirvana by alex ionescu at recon 2015 youtube. Kernelmode software must be digitally signed to be loaded on x64based versions of windows vista and later. View ring 0 to ring1 attacks hyperv ipc internals alex ionescu syscan2015. He is coauthor of the last two editions of the windows internals series, along with mark russinovich and david solomon.
If you want to contribute, please read the guide for a broader list of virtualization related links, see awesome virtualization table of contents. Alex ionescu, chief architect, crowdstrike black hat usa 2015 track os host and container security abstract notes. Battle of skm and ium how windows 10 rewrites os architecture alex ionescu 2015 blackhat2015. Instructor of worldwide windows internals classes conference speaking.