Out of Control - How KCFG and KCET Redefine Control Flow Integrity in the Windows Kernel
Overview
Explore how Kernel Control Flow Guard (KCFG) and Kernel Control Flow Enforcement Technology (KCET) revolutionize control flow integrity in the Windows kernel through this Black Hat conference presentation. Discover the evolution from Virtual Secure Mode (VSM) security innovations including Credential Guard and Hypervisor-Protected Code Integrity (HVCI) to understand how these technologies have transformed offensive security practices. Learn why kernel-mode control flow integrity mitigations were previously impossible when kernel mode represented the highest security boundary on Windows, and understand how the introduction of hypervisor-based security boundaries now enables robust implementation of CFG and CET in the Windows kernel. Examine the fundamental differences between KCFG/KCET and their user-mode counterparts, including their reliance on VTL 1 (Virtual Trust Level 1) for protection. Analyze current limitations of these kernel-mode mitigations, including the recent deprecation of eXtended Control Flow Guard (XFG), and gain insights into the future landscape of kernel-mode exploitation on Windows systems equipped with KCFG and KCET protections.
Syllabus
Out Of Control: How KCFG and KCET Redefine Control Flow Integrity in the Windows Kernel
Taught by
Black Hat