Virtualization Based Insecurity: Weaponizing VBS Enclaves

Ori David

DEF CON 33 · Day 2 · Main Stage

Windows Virtualization Based Security (VBS) is Microsoft's flagship security architecture innovation of the past decade, isolating the most sensitive OS components — credential stores, security polici

AI review

VBS Enclaves weaponized as a VTL 1 hiding ground for malware — invisible to EDR, immune to memory scanning, unreachable by kernel debuggers — and the signing bypass makes it deployable without Microsoft's blessing.
