Conference appearances: Infiltrate 2015; Black Hat 2015, 2008; SyScan 2015, 2012; NoSuchCon 2014; Breakpoint 2012; REcon 2014, 2010, 2006.

About us: Joe DeSimone, Senior Malware Researcher. Interests include offensive security research, reverse engineering, threat intelligence, and development of endpoint protections.

Alex is also very active in the security research community, discovering and reporting several vulnerabilities related to the Windows kernel and presenting talks at conferences such as Black Hat and REcon.

Published on Dec 27, 2015 by Alex Ionescu: "In Windows 10, Microsoft is introducing a radical new concept to the underlying OS architecture, and likely the biggest change to the NT design since the ..."

Battle of SKM and IUM: How Windows 10 Rewrites OS Architecture. Alex Ionescu, Black Hat 2015.

As a world-class security architect and consultant, expert in low-level system software, kernel development, security training, and reverse engineering, he is co-author of the last three editions of the Windows Internals series, along with Andrea Allievi, Mark Russinovich, and ...

This was planned to be a seven-part series, but unfortunately Ionescu stopped after the fourth post.

Virtual Secure Mode relies on the Hyper-V hypervisor.

Windows 8 Security and ARM. Breakpoint 2012.

Windows 8 Heap Internals (final). Black Hat Briefings.

The Linux Kernel Hidden Inside Windows 10. TechTalk by ...
He is co-author of the last two editions of the Windows Internals series, along with Mark Russinovich and David Solomon.

These tools are still in PoC stage, which we hope the community can use to build more mature and better tools.

Alex Ionescu is the Vice President of Endpoint Engineering and founding Chief Architect at CrowdStrike, Inc.

From Kernel Escape to System Calc. This Time Font Hunt You Down in 4 Bytes.

Every year thousands of security professionals descend upon Las Vegas to learn the latest and greatest offensive and defensive infosec techniques.

The Linux Kernel Hidden Inside Windows 10: TechTalk by Alex Ionescu at Black Hat USA 2016. Slides for the presentation.
So it seems that the Task Scheduler is capable of subscribing to an event and launching a task against it.

Segmentation: a vestigial part of the x86 architecture now that everything leverages paging; it plays only a small role in 64-bit mode (IA-32e/AMD64). Just like the IDT, the GDT is set up by the ...

A curated list of Hyper-V exploitation resources, fuzzing and vulnerability research.

Chief Architect at CrowdStrike, Alex Ionescu is a world-class security architect and expert in low-level system software, kernel development, security training and reverse engineering.

Seven months prior to the MS15-001 patch, a forensics expert named Chris Graham published a blog post titled "Shimming Your Way Past UAC".

Until I came across a Black Hat conference talk by Alex Ionescu and Gabrielle Viala, where they explain what WNF is.

Chief Architect at CrowdStrike, a security startup. Previously worked at Apple on the iOS Core Platform team. Co-author of Windows Internals 5th and 6th editions. Reverse engineering NT since 2000. Main kernel developer of ReactOS. Instructor of worldwide Windows Internals classes. Conference speaking.

In this talk, Alex Ionescu, lead kernel developer for the ReactOS project since 2004 and recently returning after a long hiatus, will talk about the ...
Kernel-mode software must be digitally signed to be loaded on x64-based versions of Windows Vista and later.

Bio: Vice President of EDR Strategy at CrowdStrike, a security startup.

All of these people deserve massive kudos for providing so much technical information publicly.

Dance like nobody's watching; encrypt like everyone is.
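The signing requirement above is easy to check from the outside. The script below is an added example, not code from the page or from any of the authors it mentions: it enumerates the kernel-mode drivers currently running and reports the Authenticode status of each driver file. It assumes a Windows host with Windows PowerShell 5.1 or later and read access to the driver files under %SystemRoot%; the function name Get-RunningDriverSignature is this example's own.

```powershell
# Added example (not from the page): list running kernel-mode drivers and the
# Authenticode signature status of their on-disk image.
# Assumes Windows PowerShell 5.1+ and read access to %SystemRoot%\System32.

function Get-RunningDriverSignature {
    [CmdletBinding()]
    param()

    $systemRoot = $env:SystemRoot

    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State = 'Running'" |
        ForEach-Object {
            $raw = $_.PathName
            if (-not $raw) { return }   # some pseudo-drivers carry no path

            # Win32_SystemDriver.PathName comes in several shapes:
            #   \??\C:\Windows\system32\drivers\foo.sys
            #   \SystemRoot\System32\drivers\foo.sys
            #   System32\drivers\foo.sys        (relative to %SystemRoot%)
            #   C:\Windows\system32\drivers\foo.sys
            $path = $raw -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot\\', "$systemRoot\"
            if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $systemRoot $path }

            if (-not (Test-Path -LiteralPath $path)) {
                [pscustomobject]@{ Name = $_.Name; Path = $path; Status = 'FileNotFound'; Signer = $null }
                return
            }

            $sig = Get-AuthenticodeSignature -LiteralPath $path
            [pscustomobject]@{
                Name   = $_.Name
                Path   = $path
                Status = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
                Signer = $sig.SignerCertificate.Subject
            }
        }
}

$drivers = Get-RunningDriverSignature

# Anything that is not 'Valid' deserves a look: unsigned, tampered, or signed by
# a certificate this machine does not chain to.
$drivers | Where-Object Status -ne 'Valid' | Format-Table Name, Status, Path -AutoSize

# Summary by signer for the valid ones, to spot unfamiliar publishers quickly.
$drivers | Where-Object Status -eq 'Valid' |
    Group-Object Signer | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Two caveats when reading the output. Get-AuthenticodeSignature is a user-mode check of the file on disk; it tells you whether the image carries a signature that chains to a trusted root, not whether the kernel's code-integrity policy would have accepted that signer at load time. And many inbox drivers are signed through a system catalog rather than an embedded signature: on Windows PowerShell 5.1 the cmdlet consults the catalogs, but older versions report those files as NotSigned, so treat a wall of NotSigned inbox drivers on an old host as a tooling limitation before treating it as a finding.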
Alex Ionescu is the Vice President of EDR Strategy at CrowdStrike, Inc.

Malicious Application Compatibility Shims. Black Hat.

Guide: kernel-mode drivers info for anti-cheat bypass.

A detailed, yet concise abstract defines a problem and offers a solution that will be examined during the session: "In Windows 10, Microsoft is introducing a radical new concept to the underlying ..."

Technically-oriented PDF collection (papers, specs, decks, manuals, etc.): tpn-pdfs.

Defending Against Malicious Application Compatibility ...
The Linux Kernel Hidden Inside Windows 10. Alex Ionescu's blog: reverse engineering NT since 2000; main kernel developer of ReactOS.

Analysis of the Attack Surface of Windows 10 Virtualization-Based Security. Rafal Wojtczuk, 31 July 2016. Abstract: In Windows 10, Microsoft introduced Virtualization-Based Security (VBS), the set of security solutions ...

Black Hat, built by and for the global infosec community, returns to Las Vegas for its 18th year.

Alex's experience in OS design and kernel coding dates back to his early adolescence, when he first played with John Fine's educational OS.

Alex Ionescu, Chief Architect, CrowdStrike. Black Hat USA 2015. Track: OS, Host and Container Security. Abstract. Notes.
WSL (Windows Subsystem for Linux), introduced in Windows 10, lets you execute Linux binaries natively on Windows (lxcore).

View: Ring 0 to Ring -1 Attacks: Hyper-V IPC Internals. Alex Ionescu, SyScan 2015.

The interesting thing here is that WNF stands for Windows Notification Facility and is the notification system within the Windows OS.

Hooking Nirvana, by Alex Ionescu at REcon 2015 (YouTube).

If you want to contribute, please read the guide. For a broader list of virtualization-related links, see awesome-virtualization.

This six-day event begins with four days of intense trainings for security practitioners of all levels (August 1-4), followed by the two-day main event including over 100 independently selected briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6).

What this talk is about: the Microsoft hypervisor (Hyper-V/Viridian) was introduced almost a decade ago.

They check into a hotel, they pick up their badge, they get on the Black Hat network.