Windows Security Internals
Windows 10 has all kinds of new protection technologies - in fact, they've been coming so fast, it's hard to understand exactly what these protections do! In this demo-heavy talk, we will walk through and dive deep into protection technologies. We will look at application isolation in Windows - what is the difference between an AppContainer, a Helium Container, and an AppGuard container? What are the advantages (and disadvantages) of each?
We'll then dive deep into how we can reduce the attack surface regardless of the container - constraining the behavior of well-known apps and protecting against memory-based attacks even when your application wasn't compiled with these protections enabled. All along the way, we seek to demystify protections, to ensure that you can walk away confident in your knowledge of what controls you have available to provide the right level of protection to endpoints and stay one step ahead of your adversaries!