I stumbled across these videos by Seth Juarez the other day, which explain the detail around Isolated User Mode and security improvements in Windows 10. There is a lot of talk about privacy and ‘telemetry’ in relation to Windows 10, however there is a bigger picture. This should make an interesting watch for those interested in security, Windows 10, Kernel security etc.
Interesting stuff for client side eg: lsass.exe now with lsaiso.exe / Credential Guard (more on this another day) and server side eg: vTPM.
Thanks to Microsoft, these videos are great.
Video 1: Isolated User Mode in Windows 10 with Dave Probert
Dave Probert, Windows kernel developer, Protecting ourselves from kernel exploits. The solution he lays out forms part of Windows 10, and lays the foundation for future developments.
Video 2: Isolated User Mode Processes and Features in Windows 10 with Logan Gabriel
Logan Gabriel, Senior Security Engineer, discusses the processes and features that come in Windows 10 due to Isolated User Mode.
Video 3: More on Processes and Features in Windows 10 Isolated User Mode with Dave Probert
Dave Probert, Windows kernel developer, describes how lsass.exe (Local Security Authority Subsystem Service) can have a separate process LsaIso.exe (aka ‘Credential Guard’) to hold secrets within Secure Mode, then more on trustlets.
You can access the video pages directly here:
Video 1: Isolated User Mode in Windows 10 with Dave Probert
Video 2: Isolated User Mode Processes and Features in Windows 10 with Logan Gabriel
Video 3: More on Processes and Features in Windows 10 Isolated User Mode with Dave Probert
Thanks to Seth Juarez, Dave Probert, Logan Gabriel and everyone else involved.
Enjoy.
Thank you for aggregating these videos into a single post.