by Alex Ionescu
Initially known as “Project Astoria” and delivered in beta builds of Windows 10 Threshold 2 for Mobile, Microsoft implemented a full blown Linux 3.4 kernel in the core of the Windows operating system, including full support for VFS, BSD Sockets, ptrace, and a bonafide ELF loader. After a short cancellation, it’s back and improved in Windows 10 Anniversary Update (“Redstone”), under the guise of Bash Shell interoperability. This new kernel and related components can run 100% native, unmodified Linux binaries, meaning that NT can now execute Linux system calls, schedule thread groups, fork processes, and access the VDSO!
As it’s implemented using a full-blown, built-in, loaded-by-default, Ring 0 driver with kernel privileges, this not a mere wrapper library or user-mode system call converter like the POSIX subsystem of yore. The very thought of an alternate virtual file system layer, networking stack, memory and process management logic, and complicated ELF parser and loader in the kernel should tantalize exploit writers – why choose from the attack surface of a single kernel, when there’s now two?
But it’s not just about the attack surface – what effects does this have on security software? Do these frankenLinux processes show up in Procmon or other security drivers? Do they have PEBs and TEBs? Is there even an EPROCESS? And can a Windows machine, and the kernel, now be attacked by Linux/Android malware? How are Linux system calls implemented and intercepted?
As usual, we’ll take a look at the internals of this entirely new paradigm shift in the Windows OS, and touch the boundaries of the undocumented and unsupported to discover interesting design flaws and abusable assumptions, which lead to a wealth of new security challenges on Windows 10 Anniversary Update (“Redstone”) machines.
Nguồn: https://ftlinuxcourse.com
Xem thêm bài viết khác: https://ftlinuxcourse.com/lap-trinh-linux
Xem thêm Bài Viết:
- Trải nghiệm mới hay ho với hướng dẫn cài Mac Os trên vmware
- Bật mí cách cài đặt ssl miễn phí lên Let’s Encrypt
- Tuyệt chiêu tạo usb boot kali linux đơn giản dành cho bạn
- Hướng dẫn chi tiết từ A – Z các bước cài đặt Python trên Windows 10
- Bật mí quy trình cài đặt Kali Linux trên Vmware đúng chuẩn và chi tiết
Duh …. You think Bill invented ANYTHING? You see how he fucked IBM (os2 NT etc)
Dear God, MS managed to come up with the perfect over engineering nightmare.
O que rolou? descobriram um pedaço do kernel do windows com programação linux?
Well duuuhhhh, Win10 can run bash n that now, was kinda obvious…
Can I run Solitaire in WINE in Linux in Windows?
This isn't a Linux kernel, it's a compatibility layer (basically a "reverse Wine").
I love how they use 24 hour time, much more efficient.
LOL, Fuck Off Windows!
That's not evil Linux, that's the child of Tux (Linux mascot) and Beastie (BSD mascot).
BLACK HAT, USA. July 22-27, 2017. Mandalay Bay, Las Vegas blackhat.com/
1:57 Windows fan-girl correctly comments that the Linux kernel is not (YET) hidden in Windows 8.1. Just some of the Ubuntu & Android structures (40 mins 30 secs).
11:19 Linux subsystems mentioned
13:18 Ubuntu & SystemD mentioned
This is Microsoft last operating system, since it will probably buy out Ubuntu, and then release it, like their purchases of Nokia,to "replace" the Microsoft phone.
if microsoft build almost everything from scratch why the hack they called it linux subsystem ??
If only game developers and hardware manufacturers gave more support to Linux, there would be no more microsoft.
its really not that hidden anymore. a simple google search reveals how to enable it.
I didn't understand 99% of the presentation/keynote.. still watched the video
cool talk from people who don't know anything about windows or Linux.
Processies … processies …. There's no such word as "processies". The plural of "process" is "processes". Silly pretentious attempt at Latinising a perfectly acceptable English plural.
huh you mean that is not a part of powershell?
Windows, providing you the illusion of choice since 1985
the perfect way to kill your enemy….
Id like windows src code then microsoft.