Articles by Romain Dumont

1 article
Date Tue 13 July 2021
Author Romain Dumont
Category Reverse-Engineering

This article describes how Windows Defender implements its network inspection feature inside the kernel through the use of WFP (Windows Filtering Platform), how the device object’s security descriptor protects it from being exposed to potential vulnerabilities and details some bugs I found. As a complement to this post, a small utility is released to test the different bugs.