Yarden Shafir

Software Engineer at CrowdStrike

Yarden Shafir started dancing at the age of 7, and later joined a rhythmic gymnastics team and competed during her teenage years. 

After her military service, she practiced pole dancing and fell in love with acrobatics. Today she performs aerial arts for the circus, trains whenever possible, and teaches lyra and silks in Israel.

Yarden has a rich background in Windows Internals research, originally at SentinelOne, followed by her current role as a Software Engineer at CrowdStrike working on various EDR capabilities and EPP features.

Technical Track

Security Features You’ve Never Heard of (but should)

Windows is a maze of ever-changing features, most of them undocumented and many of them completely unknown even to researchers and developers. Frequent code changes make it difficult to keep track of all the different mechanisms, and some features simply get left behind after a project is abandoned or deprecated – still there in the code base but never used or publicly exposed.

This talk will shed light on some of the lesser-known security mitigations in the Windows system. From an anti-process-hollowing mitigation to various side-channel mitigations and reparse point protections, these mitigations are barely used even by the system itself. But learning about them and using them correctly can provide valuable protection and forensic information – even if a mitigation can’t be fully enabled, it can still help detect and analyze suspicious behaviors on a machine (a fact many attackers and defenders ignore).