Kill Chain Reloaded: Abuse legacy paths for stealth persistence

Alejandro Hernando, Borja Martinez

DEF CON 33 · Day 2 · Main Stage

Modern Windows security — Secure Boot, Virtualization-Based Security (VBS), Credential Guard, Hypervisor-Protected Code Integrity (HVCI), and kernel-level EDR telemetry — has raised the bar for mainta

AI review

Bootkit-level persistence achievable by red teamers today using abandoned UEFI boot paths and BYOVD — practical, dense, and the SMM exploitation demonstration is the kind of thing that ends careers for defenders who ignore it.
