Cool blog on how Defender uses virtualization-based attestation to find kernel attacks in the wild: https://www.microsoft.com/security/blog/2019/07/31/how-windows-defender-antivirus-integrates-hardware-based-system-integrity-for-informed-extensive-endpoint-protection/
I guess I'm not sure if I like the idea. If an attacker is at the point where they can do a token swap, they've won. Adding complex detection for that will force the attacker to do something else instead... but so what? Is the added complexity worth that? I'm not sure.
//cc @halvarflake
It depends if you are in the security industry, or in the security product industry ;). I have insufficient insight into what it does, but I suspect the prime effect will be “even more protected processes” because existing protected processes weren’t a bad enough idea yet.