anastasiia
In recent years, Windows OS has faced a surge in attacks exploiting kernel drivers, notably targeting AV and EDR systems. The vulnerable Asynchronous Local Procedure Call (ALPC) technology, vital for client-server interactions, lacks essential safeguards, as demonstrated in successful attacks at LABScon 2022 and Ekoparty 2022. To address ALPC vulnerabilities, we propose ALPChecker, a proactive…