kernel

5 posts tagged kernel.

Windows Filtering Platform: The Kernel-Mode Firewall You Don't See

May 11, 2026

The Windows Filtering Platform is the kernel-mode engine under wf.msc, IPsec, WinNAT, the Hyper-V vSwitch, and every modern Windows EDR.
ETW: How Windows 2000's Performance Hack Became the EDR Substrate

May 10, 2026

Event Tracing for Windows is the kernel-buffered observability bus every modern Windows EDR consumes. This is the architecture, the attacks, and the one provider that survives them.
Plug and Trust: How Windows Decides What to Do When You Plug In a USB Device

May 10, 2026

In the 250 ms between physical insertion and class-driver attach, Windows executes ten or eleven kernel-mode operations (eleven for composite devices) and trusts ~256 bytes of self-described descriptors.
The Object Manager Namespace: The Hierarchical Filesystem Underneath Every Windows Security Boundary

May 10, 2026

A bottom-up tour of the Windows Object Manager namespace, the 1993 Cutler-era kernel data structure that every Windows security boundary quietly assumes.
WDAC + HVCI: Code Integrity at Every Layer in Windows

May 10, 2026

How Windows decides which code is allowed to run, end-to-end: WDAC policy schema, HVCI per-VTL SLAT enforcement, the audit-to-enforce loop, and the residual attack surface neither feature can close.