The Latest in IT Security

BoundHook Hooking Is Invisible to Windows 10’s PatchGuard

19
Oct
2017
BoundHook Hooking Is Invisible to Windows 10’s PatchGuard

laptop-coding-1030x567

A newly discovered hooking technique can go completely undetected by the current implementation of PatchGuard, CyberArk security researchers warn.

Called BoundHook, the method relies on causing an exception in a very specific location in a user-mode context, as well as on catching that exception to gain control over the thread execution. It can bypass PatchGuard, or Kernel Patch Protection, which was designed by Microsoft to prevent malicious code from running at kernel level on 64-bit versions of Windows.

Read More

Leave a reply


Categories

SATURDAY, NOVEMBER 18, 2017

Featured

Archives

Latest Comments

Social Networks