Windows Projected File System — The Reality Stone
Casey Smith
ShmooCon XX (Final) · Day 2 · Build It
In his ShmooCon talk, "Windows Projected File System — The Reality Stone," renowned security researcher Casey Smith introduced a novel and powerful defensive technique leveraging the **Windows Projected File System (PFS)**. This often-overlooked, built-in Windows feature allows defenders to create a virtual file system that projects arbitrary hierarchical structures as if they were real files and directories on disk. Smith, the creator of the popular open-source Canary Tokens project, demonstrates how PFS can be weaponized to create high-fidelity detection tripwires, effectively controlling the "reality" an attacker perceives on a compromised system.
AI review
This session presents a highly effective and novel defensive technique leveraging Windows Projected File System (PFS) for high-fidelity deception and detection. By creating 'fake' file systems that only trigger alerts on actual file interaction (open/copy), it provides a powerful asymmetry against attackers enumerating systems. The speaker, Casey Smith, demonstrates a deep understanding of PFS internals and offers practical, open-source tooling, making this a truly actionable and impactful piece of research for defenders.