DEF CON 30 - Omri Misgav - Running Rootkits Like A Nation-State Hacker
Code Integrity is a threat protection feature first introduced by Microsoft over 15 years ago. On x64-based versions of Windows, kernel drivers must be digitally signed and checked each time they are loaded into memory. This is also referred to as Driver Signature Enforcement (DSE). The passing year showed high-profile APT groups kept leveraging the well-known tampering technique to disable DSE on runtime. Meanwhile, Microsoft rolled out new mitigations: driver blocklists and Kernel Data Protection (KDP), a new platform security technology for preventing data-oriented attacks. Since using blocklist only narrows the attack vector, we focused on how KDP was applied in this case to eliminate the attack surface. We found two novel data-based attacks to bypass KDP-protected DSE, one of which is feasible in real-world scenarios. Furthermore, they work on all Windows versions, starting with the first release of DSE. We’ll present each method and run them on live machines. We’ll discuss why KDP is an ineffective mitigation. As it didn’t raise the bar against DSE tampering, we looked for a different approach to mitigate it. We’ll talk about how defenders can take a page out of attackers’ playbook to cope with the issue until HVCI becomes prevalent and really eliminates this attack surface.

DEF CON 30 - Sam Bent - Tor - Darknet Opsec By a Veteran Darknet Vendor

DEF CON 30 - Michael Bargury - No-Code Malware - Windows 11 at Your Service

DEF CON 33 - Cash, Drugs, and Guns - Why Your Safes Aren't Safe - Mark Omo, James Rowley

DEF CON 30 - Sharon Brizinov - Evil PLC Attacks - Weaponizing PLCs

Why Israel is the World's Top Hacking Nation | VICE: Cyberwar | Blueprint

DEF CON 30 - Nikita Kurtin - Bypassing Android Permissions From All Protection Levels

Jim Browning: The hacker uncovering and exposing online scams

The Mind Behind Linux | Linus Torvalds | TED

Keynote: After the AI Hype – What’s Real, and What’s Next - Richard Campbell - 2026

Don't Hang Up On AI Scammers. Do THIS Instead.

JANITOR vs THE BIGGEST GUYS IN THE GYM. They Didn’t Expect THAT

How The RIDL CPU Vulnerability Was Found

The World's Most Important Machine

DEF CON 31 - Using SIM Tunneling to Travel at Light Speed - Adrian Dabrowski, Gabriel Gegenhuber

Attacking AI - Jason Haddix - NDC Security 2026

Firewall Fundamentals Explained | Network Security for Beginners

DEF CON 30 - Lennert Wouters - A Black-Box Security Evaluation of SpaceX Starlink User Terminal

Do VPNs Really Protect Privacy? Data & Cybersecurity Insights

Dirty Vanity: A New Approach to Code Injection & EDR Bypass

