Truth is, all fancy EDRs and endpoint security can be disabled by an attack like this. With driver control using HVCI on Windows 10, this attack is prevented. You don't need to buy this; it's included in Windows 10 Pro and up. All Secured-core PCs have it on by default. https://twitter.com/SwiftOnSecurity/status/1225494447980453890
Yeah, we need to fix that doc. Okay, so basically here is the deal: HVCI gives the secure kernel control over all executable pages for both kernel and user mode.
So what that means is that on older CPUs, when HVCI is enabled, every time a USER or KERNEL image gets loaded we have to VM exit into the secure kernel to check it against policy.
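The check a practitioner would want after reading the thread, as an added example that is not part of any tweet above: does this host actually have VBS and HVCI running, is kernel-mode code integrity enforced rather than audited, and does the CPU expose Mode-Based Execution Control (MBEC), the hardware feature that avoids the per-image VM exit described in the last reply? It reads the documented Win32_DeviceGuard WMI class; the function names and the wording of the warning are the editor's, and the registry-enable helper assumes you will reboot afterwards.

```powershell
# Added example (editor's code, not from the thread). Requires an elevated PowerShell on Windows 10/11.
# Field meanings below are the documented ones for root\Microsoft\Windows\DeviceGuard:Win32_DeviceGuard:
#   VirtualizationBasedSecurityStatus      0 = not enabled, 1 = enabled but not running, 2 = running
#   SecurityServicesConfigured / -Running  1 = Credential Guard, 2 = HVCI
#   CodeIntegrityPolicyEnforcementStatus   0 = off, 1 = audit mode, 2 = enforced
#   AvailableSecurityProperties            7 = Mode Based Execution Control (MBEC)
function Get-HvciState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'
    [pscustomobject]@{
        VbsRunning     = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciConfigured = ($dg.SecurityServicesConfigured -contains 2)
        HvciRunning    = ($dg.SecurityServicesRunning -contains 2)
        KmciEnforced   = ($dg.CodeIntegrityPolicyEnforcementStatus -eq 2)
        UmciEnforced   = ($dg.UsermodeCodeIntegrityPolicyEnforcementStatus -eq 2)
        # With MBEC the hypervisor tracks kernel/user execute permission in hardware,
        # so image loads no longer need the VM exit into the secure kernel.
        MbecAvailable  = ($dg.AvailableSecurityProperties -contains 7)
    }
}

# Turns HVCI on through the documented registry scenario key (takes effect after reboot).
# 'Locked' = 1 additionally stores a UEFI variable so the setting cannot be cleared from the OS alone.
function Enable-Hvci {
    param([switch]$Locked)
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'Enabled' -Value 1 -Type DWord
    if ($Locked) { Set-ItemProperty -Path $key -Name 'Locked' -Value 1 -Type DWord }
}

$state = Get-HvciState
$state | Format-List

if (-not $state.HvciRunning) {
    Write-Warning 'HVCI is not running: the kernel-mode protection the thread describes is absent on this host.'
    Write-Warning 'Run Enable-Hvci (optionally -Locked) and reboot, then re-check.'
}
elseif (-not $state.KmciEnforced) {
    Write-Warning 'HVCI is running but kernel code integrity is in audit mode, not enforcement.'
}
if (-not $state.MbecAvailable) {
    Write-Warning 'No MBEC on this CPU: expect the per-image-load VM exit cost mentioned in the thread.'
}
```

Note that "configured" and "running" can disagree: the registry key sets HvciConfigured, but HvciRunning only flips after a reboot, and stays false on hardware that fails the VBS prerequisites, so always assert on the running state, not the configured one.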