Problem 1-unfiltered MMCFG • MMCFG is a region of physical address space, access
11
Overlap VTd bars
12
S4 sleep
13
SMM abuse example
14
Questions?
Description:
Explore the intricacies of Windows 10's virtualization-based security (VBS) in this 51-minute Black Hat conference talk. Delve into the VBS implementation details and assess its unique attack surface, focusing on potential vulnerabilities arising from platform complexity, particularly UEFI firmware. Witness demonstrations of actual exploits, including a non-critical bypass of a VBS feature and a critical firmware vulnerability. Gain insights into VBS architecture, Credential Guard, code integrity enforcement, and kernel HVCI bypass. Examine root partition privileges, unfiltered MMCFG access issues, and SMM abuse examples. Enhance your understanding of Windows 10 security architecture and potential attack vectors in this comprehensive analysis presented by Rafal Wojtczuk.
Analysis of the Attack Surface of Windows 10 Virtualization-Based Security