GhostHook Attack Bypasses Windows 10 PatchGuard

A bypass of the PatchGuard kernel protection in Windows 10 has been developed, bringing rootkits for the latest version of the OS within reach of attackers. Since the introduction of PatchGuard and DeviceGuard, very few 64-bit Windows rootkits have been observed; Windows 10’s security, in particular its mitigations against memory-based attacks, is well regarded. Researchers at CyberArk, however, found a way around PatchGuard through a relatively new feature in Intel processors called Processor Trace (Intel PT).
