For more than a decade, Microsoft has been aggressively adding security mitigations to Windows with the goal of reducing attack surface, containing exploits and eliminating entire classes of bugs.
In this workshop, intended for Windows software developers and security researchers, you will learn about the security mitigations that have been added to the Windows platform over the years. You will learn how to incorporate them into your own applications to improve their security posture, and you will gain a detailed understanding of the limitations of each mitigation, which is what matters when you are doing security research against them.
In the hands-on labs, you will build applications with these mitigations enabled and observe their runtime behavior in a debugger (WinDbg). You will leave the workshop with modular, production-ready source code that you can incorporate into your own Windows software or use for security research. All hands-on labs are performed on the 64-bit version of Windows 10.
At the end of this day-long workshop, you should be able to:
- Understand the defenses available in Windows.
- Recognize the attack vectors these defenses are designed to mitigate.
- Identify the version of Windows in which a particular security mitigation was added.
- Select compiler and linker flags that enable security mitigations for your applications.
- Use security APIs to incorporate some of the defenses into applications.
- Understand the impact of these defenses on the runtime behavior of an application.
- Perform offensive security research around these defenses.
To get the most value from this workshop, you should be well-versed in C/C++ programming in a Windows environment and familiar with the native Win32 APIs. To participate in the hands-on labs, you must bring a system running Windows 10 x64 Version 1903 or 1909 Professional/Enterprise Edition with Visual Studio 2019 installed.
- Windows Security Overview
- Memory Protection
- Process Mitigation Policies
- Integrity Levels (IL)
- Restricted Tokens
- Stack Cookies (GS)
- Data Execution Prevention (DEP)
- Address Space Layout Randomization (ASLR)
- Arbitrary Code Guard (ACG)
- Control Flow Guard (CFG)
- Control-flow Enforcement Technology (CET)
- App Containers
- Win32k API Call Filtering
- Sandboxing Mechanisms
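The learning outcomes above mention selecting compiler and linker flags and applying process mitigation policies without showing what that looks like in practice. The following is an added example, not material from the workshop: it builds a single C file with MSVC, checks in the PE image which mitigations actually took effect, and then applies per-image process mitigation policies (ACG via BlockDynamicCode, win32k system call filtering) that have no compiler switch. It assumes a "Developer PowerShell for VS 2019" prompt on Windows 10 x64 with cl.exe, link.exe and dumpbin.exe on PATH; the file names and the program itself (assumed to wait for a keypress so it stays alive) are hypothetical.

```powershell
# Added example, not part of the workshop material. Assumes a Developer
# PowerShell for VS 2019 prompt on Windows 10 x64 (cl.exe, link.exe and
# dumpbin.exe on PATH). File names are hypothetical; the program is assumed
# to wait for a keypress so that it is still running when inspected.
# The Set-ProcessMitigation lines write under HKLM and need an elevated prompt.

$src = "hello.c"
$obj = "hello.obj"
$exe = "hello.exe"

# --- Build-time mitigations ---------------------------------------------------
# /GS        stack cookies (on by default; stated explicitly here)
# /guard:cf  Control Flow Guard checks on indirect calls
# /Zi        PDB symbols, so the checks can be followed in WinDbg
cl.exe /nologo /W4 /GS /guard:cf /Zi /c $src

# /DYNAMICBASE + /HIGHENTROPYVA  64-bit ASLR
# /NXCOMPAT                      DEP
# /guard:cf                      CFG tables in the load configuration directory
# /CETCOMPAT                     mark the image CET (shadow stack) compatible
link.exe /nologo /DYNAMICBASE /HIGHENTROPYVA /NXCOMPAT /guard:cf /CETCOMPAT /DEBUG /OUT:$exe $obj

# --- Verify what actually landed in the PE image -----------------------------
# The "DLL characteristics" block should list Dynamic base, High Entropy
# Virtual Addresses, NX compatible and Control Flow Guard. /loadconfig shows
# the CFG guard flags and function table; a missing table means CFG was
# requested at compile time but not at link time (or vice versa).
dumpbin.exe /headers $exe | Select-String -Pattern "Dynamic base|High Entropy|NX compatible|Control Flow Guard"
dumpbin.exe /loadconfig $exe | Select-String -Pattern "Guard"

# --- Run-time process mitigation policies --------------------------------------
# ACG (BlockDynamicCode) and win32k syscall filtering are applied by the OS at
# process creation, per image name. The entry persists until it is removed.
Set-ProcessMitigation -Name $exe -Enable DEP, CFG, BlockDynamicCode, DisableWin32kSystemCalls

# Start an instance, read back the policy that is actually in effect on the
# live process, then clean up the per-image entry.
$p = Start-Process -FilePath ".\$exe" -PassThru
Get-ProcessMitigation -Name $exe -RunningProcesses
Stop-Process -Id $p.Id -ErrorAction SilentlyContinue
Set-ProcessMitigation -Name $exe -Remove
```

Two practical caveats. `/CETCOMPAT` only marks the image as compatible; the shadow stack is enforced only on hardware and a Windows build that support CET, so its absence from the load configuration is not a build error on older toolsets (the switch itself requires a recent VS 2019 update). And `BlockDynamicCode` or `DisableWin32kSystemCalls` can terminate a process at startup if any DLL in its load path JITs code or touches win32k, which is exactly the kind of runtime behavior the labs have you observe in WinDbg before shipping the policy.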