Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework

www.deepinstinct.com

Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework

www.deepinstinct.com

bOt@zerobytes.monsterMB to Technical Information Security Content & Discussion@zerobytes.monster · 1 year ago

Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework | Deep Instinct

www.deepinstinct.com

This blog is based on a session we presented at DEF CON 2023 on Friday, August 11, 2023, in Las Vegas: Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework.

This is an automated archive.

The original was posted on /r/netsec by /u/Daniel24z25 on 2023-08-31 07:42:13+00:00.

Research presented on DEF CON 31 that demonstrates how the Windows containers isolation framework (wcifs.sys), which is loaded on every modern Windows system by default, can be abused to bypass EDR file system malware protection, file/folder write restrictions and I/O ETW log-based correlations.

You must log in or register to comment.

Chat