In Windows 10, Microsoft introduced virtualization-based security (VBS), a set of security solutions based on a hypervisor. In this presentation, we will talk about the details of the VBS implementation and assess the attack surface, which is very different from that of other virtualization solutions. We will focus on the potential issues resulting from the underlying platform complexity (UEFI firmware being a primary example).
Besides a lot of theory, we will also demonstrate actual exploits: one against VBS itself and one against vulnerable firmware. The former is non-critical (it provides a bypass of one of the VBS features); the latter is critical.
Before attending, one is encouraged to review the two related talks from Black Hat USA 2015: "Battle of the SKM and IUM: How Windows 10 Rewrites OS Architecture" and "Defeating Pass-the-Hash: Separation of Powers."
Rafal Wojtczuk has over 15 years of experience with computer security. Specializing primarily in kernel and virtualization security, over the years, he has disclosed many security vulnerabilities in popular operating system kernels and virtualization software. He is also well known for his articles on advanced exploitation techniques, including novel methods for exploiting buffer overflows in partially randomized address space environments. Recently, he was researching advanced Intel security-related technologies, particularly TXT and VTd. He is also the author of libnids, a low-level packet reassembly library. He holds a master's degree in Computer Science from University of Warsaw.