| DKOM 3.0: Hiding and Hooking with Windows Extension Hosts |
INFILTRATE 2019
|
| The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet |
Black Hat USA 2018
|
| Unknown Known DLLs and other Code Integrity Trust Violations |
RECON MONTREAL 2018
|
| Advancing the State of UEFI Bootkits: Persistence in the Age of PatchGuard and Windows 10 |
OffensiveCon 2018
|
| Baby’s First Bounty: Lessons from bypassing Arbitrary Code Guard |
BlueHat v17
|
| Fun with Sam: Inside the Surface Aggregator Module |
RECON MONTREAL 2017
|
| Helium, Argon & Xenon: The Noble Gases of Windows Containers |
2017 SyScan360
|
| Getting Physical with USB Type-C: Windows 10 RAM Forensics and UEFI Attacks |
RECON BRUSSELS 2017
|
| Gaining Visibility into Linux Binaries on Windows - How to defend and understand WSL |
BlueHat v16
|
| The Linux Kernel Hidden Inside Windows 10 |
Black Hat USA 2016
|