buherator on Nostr: Tech Analysis: CrowdStrike’s Kernel Access and Security Architecture ...
Tech Analysis: CrowdStrike’s Kernel Access and Security Architecture
https://www.crowdstrike.com/blog/tech-analysis-kernel-access-security-architecture/
Interesting explainer about the architectural design decisions of #CrowdStrike, focusing mainly on the reasons for moving code to the kernel.
I find it curious that they talk about "User-Mode-Only Security Products" in the context of tamper protection: AVs tend to have kernel components, and if my observations [at the time](https://blog.silentsignal.eu/2018/01/08/bare-knuckled-antivirus-breaking/) were correct, they provided protection for user processes even before PPL. I'm not Ionescu enough to know if such protections would work with KPP & co. though...