Software Engineer at CrowdStrike
Security Features You’ve Never Heard of (but should)
Windows is a maze of ever-changing features, most of them undocumented and many of them completely unknown even to researchers and developers. Frequent code changes make it difficult to keep track of all the different mechanisms and some features simply get left behind after a project is abandoned or deprecated – still there in the code base but never used or publicly exposed.
This talk will shed light on some of the lesser-known security mitigations in Windows. From an anti-process-hollowing mitigation to various side-channel mitigations and reparse point protections, these mitigations are barely used even by the system itself. But learning about them and using them correctly can provide valuable protection and forensic information – even if a mitigation can’t be fully enabled, it can still help detect and analyze suspicious behavior on a machine (a fact many attackers and defenders ignore).