[Repost] Win32k System Call Filtering Deep Dive
Posted on: 2021-1-13 14:54 | 1866 views


Win32k System Call Filtering Deep Dive

Usage of Windows kernel exploits has been on the rise, and such exploits are often used to break out of a browser sandbox. Many of the vulnerabilities found over the years have been in the driver win32k.sys, which handles system calls from gdi32.dll and user32.dll. To try and mitigate many of these vulnerabilities proactively, Microsoft has implemented what is called Win32 Syscall Filter in Windows 10. The overall idea is to be able to block many system calls to win32k.sys for an entire process, such that unknown vulnerabilities cannot be taken advantage of. I have not been able to find many details about the implementation and how effective it really is; the only discussion I've found is the presentation Rainbow Over the Windows by Peter Hlavaty.

https://improsec.com/tech-blog/win32k-system-call-filtering-deep-dive
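The filter described above is the per-process "Disable Win32k system calls" mitigation that Windows exposes through the ProcessMitigations cmdlets. As an added example (not code from the post or from the Improsec article), the following shows how a defender opts an executable into the filter and verifies the stored policy. It assumes Windows 10 version 1709 or later with the ProcessMitigations module, an elevated session, and a placeholder executable name that you would replace with the program being hardened.

```powershell
# Added example, not part of the original post or the Improsec article.
# Assumes the ProcessMitigations module (Windows 10 1709+) and an elevated session.
# The executable name is a placeholder, not a real product.
$exe = 'SandboxedRenderer.exe'

# Persist the mitigation so every future instance of the executable starts
# with win32k.sys system calls blocked. The setting is stored per image name
# under Image File Execution Options.
Set-ProcessMitigation -Name $exe -Enable DisableWin32kSystemCalls

# Inspect the stored policy; look for the "SystemCall" section in the output,
# which should now show DisableWin32kSystemCalls as ON.
Get-ProcessMitigation -Name $exe

# Check a running instance by PID, if one exists (constructed lookup: first match).
$proc = Get-Process -Name ([IO.Path]::GetFileNameWithoutExtension($exe)) `
            -ErrorAction SilentlyContinue | Select-Object -First 1
if ($proc) {
    Get-ProcessMitigation -Id $proc.Id
}

# Roll back if the application turns out to rely on user32/gdi32 functionality,
# since a filtered process that reaches a blocked win32k call is terminated.
# Set-ProcessMitigation -Name $exe -Disable DisableWin32kSystemCalls
```

The practical caveat is that the filter is all-or-nothing for the process: any code path that still reaches a win32k.sys system call (window creation, GDI drawing, many clipboard and input APIs) will crash the process, so the mitigation is only appropriate for worker processes that have already been designed to avoid the Win32 GUI subsystem, such as sandboxed renderers. Apply it to a test copy first and watch for unexpected process terminations before rolling it out.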


