Virtualization-based security (VBS) - Internals and potential attack surface

*** Due to the high volume of registrants we’re transferring the event to the Auditorium in Microsoft R&D Center, a larger space in a nearby location ***

*** Please RSVP - Seats are limited for this FREE event***

Over the past few years, operating systems have significantly improved their security stacks, exploit mitigations and hardening. Microsoft has recently done massive changes to their OS architecture to introduce virtualization-based security (VBS), bringing hypervisor and hardware assisted mitigations to the Windows kernel.
This change has had a drastic impact on exploit development in Windows 10, and put Hyper-V and VTL1 components as prime targets for vulnerability researchers, now acting as a new trust boundary.

In this talk we will:

1. Introduce the major VBS features.
2. Dive into Virtual Secure Mode (VSM), and explore it’s architecture, design, and implementation considerations. We will also cover how some of the new architecture and mitigations block common exploitation techniques used for kernel vulnerabilities.
3. Discuss the potential attack surface of this architecture, and go through some of the bugs Saar recently found in these trusted areas.

About the speaker:

Saar Amar is a Security Researcher, focused on reversing and exploiting user space, kernel and Hypervisors.
Saar's talk from BlueHat IL 2018 Convention, “Linux Vulnerabilities Windows Exploits: Escalating Privileges with WSL”, can be found here: https://www.youtube.com/watch?v=3deJvbBHET4

*** The talk assumes prior knowledge of VT-x.
It’s recommended to go over Alex Ionescu talks from Syscan (http://www.alex-ionescu.com/syscan2015.pdf) & BlackHat2015 (http://www.alex-ionescu.com/blackhat2015.pdf) before the meetup. ***

• 18:30-19:00 - Gathering, snacks and beer

• 19:00 – 19:15 - BlueHatIL community - quick opening notes and plans

• 19:15 – 20:15 - Virtualization-based security (VBS) - Internals and potential attack surface – Saar Amar

See you there!