Free courses from frontend to fullstack and AI
Learn AI, Data Science & Business — Earn Certificates That Get You Hired
Overview
Build a Learning Habit
Download Class Central's free printable study calendar
Download for Free
Explore a 36-minute Black Hat conference talk that delves into the methodology for assessing Early Launch Antimalware (ELAM) drivers and demonstrates how overly-permissive rules can be exploited by adversaries. Learn about scenarios where intended functionality can be abused without exploiting vulnerabilities, enabling malware to tamper with security products and gain anti-tampering protections. Discover how a single, overly-permissive ELAM driver can hinder detection and remediation efforts. Conclude with a demonstration of achieving user-mode code execution through an abusable, signed executable running with an antimalware-light protection level. Gain insights from presenter Matt Graeber on the potential risks within the early launch antimalware ecosystem.
Syllabus
Living Off the Walled Garden: Abusing the Features of the Early Launch Antimalware Ecosystem
Taught by
Black Hat