Battle Of The SKM And IUM: How Windows 10 Rewrites OS Architecture

Video Link: https://www.youtube.com/watch?v=X56yzidlFlo



Duration: 51:30


In Windows 10, Microsoft is introducing a radical new concept to the underlying OS architecture, likely the biggest change to the NT design since the decision to move the GUI into kernel mode.

In this new model, the Viridian Hypervisor Kernel becomes a core part of the operating system and implements Virtual Secure Machines (VSMs) by loading a true microkernel - a compact (200 KB) NT look-alike with its own drivers, called the Secure Kernel Mode (SKM) environment - which then uses the Hypervisor to hook and intercept execution of the true NT kernel. This creates a new paradigm in which the NT kernel, executing in Ring 0, now runs below the Secure Kernel, which sits at Ring ~0 (called Virtual Trust Level 1).

But it doesn't stop there: the Ring 0 NT kernel now has the ability to create not only standard Ring 3 user-mode applications, but also Ring ~3 applications (Virtual Trust Level 0) that run in Isolated User Mode (IUM). Because VTLs are all more privileged than Ring 0, this creates a model where a user-mode application running inside a VSM holds data and rights that even the kernel itself cannot modify. Why go through all this trouble? Because it seems the hottest thing these days is Pass-the-Hash, and such attacks must seemingly be mitigated at all costs. Even in Windows 8.1, an attacker with the permissions to load a kernel driver can bypass the existing mitigations (and Mimikatz is signed!). With VTLs, even the most privileged attacker is now only as privileged as the hypervisor will allow - never able to truly read the hash data that is stored in the secure partition.

How "secure" is this new model really? And what prevents a malicious application from running in such a secure mode to begin with?
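A defender's first question after this talk is whether the VTL 1 environment described above is actually running on a given host. The following check is an added example, not code from the talk; it queries the Win32_DeviceGuard WMI class that Windows 10 exposes for virtualization-based security status, and it names Credential Guard (the feature that moves the hash data mentioned above into VTL 1) as background knowledge the abstract itself does not mention.

```powershell
# Added example (not from the talk): report whether VBS (the Secure Kernel / VTL 1
# described above) is running and whether credential isolation is active in it.
# Assumes Windows 10 or later with the root\Microsoft\Windows\DeviceGuard namespace.
function Get-VbsState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'
    if (-not $dg) { throw 'Win32_DeviceGuard not available; VBS status cannot be determined' }

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
    $vbsStatus = switch ([int]$dg.VirtualizationBasedSecurityStatus) {
        0 { 'NotEnabled' }
        1 { 'EnabledNotRunning' }
        2 { 'Running' }
        default { "Unknown($($dg.VirtualizationBasedSecurityStatus))" }
    }

    # SecurityServicesRunning lists service IDs: 1 = Credential Guard, 2 = HVCI
    $running = @($dg.SecurityServicesRunning)
    [pscustomobject]@{
        VbsStatus              = $vbsStatus
        CredentialGuardRunning = ($running -contains 1)
        HvciRunning            = ($running -contains 2)
        AvailableProperties    = @($dg.AvailableSecurityProperties)
    }
}

$state = Get-VbsState
$state | Format-List
if ($state.VbsStatus -ne 'Running') {
    Write-Warning 'VBS is not running: no Secure Kernel (VTL 1) is isolating anything on this host.'
} elseif (-not $state.CredentialGuardRunning) {
    Write-Warning 'VBS is running, but credential isolation is not; LSA secrets remain in VTL 0.'
}
```

AvailableSecurityProperties is included so that a host reporting NotEnabled can be distinguished between "hardware cannot support VBS" and "VBS is supported but not configured".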

PRESENTED BY
Alex Ionescu
Black Hat - USA - 2015 Hacking conference