We are now doing Windows


At Trail of Bits, we pride ourselves on building tools that anyone can use to improve the security ecosystem. Given how deeply Microsoft is involved in much of our work—binary analysis, cryptography, cloud security—our teams’ research and development has resulted in numerous tool releases for the public to incorporate into their own security strategies.

To build on this effort, we have now assembled a dedicated team of some of the world’s leading Windows security experts who will initiate new research projects and execute technical initiatives focused on the security of one of the world’s most widely deployed operating systems.

The team will leverage the company’s existing relationships in both the public and private sectors to work on various Microsoft technologies and initiatives. Because Trail of Bits has helped secure some of the world’s hardest-hit organizations and devices, this team will bring together high-end security research with a real-world attacker mentality to discover, analyze, and resolve security issues in one of the world’s most popular operating systems.

The team consists of the following members:

  • Aaron LeMasters, a senior security engineer, is a technologist and researcher with over 16 years of experience in malware analysis, reverse engineering, Windows internals, and kernel driver development. In addition to several issued and provisional patents, he has numerous publications on various research topics and has spoken at prestigious conferences such as Black Hat USA, No Such Con, SyScan and BruCON.
  • Yarden Shafir, a senior security researcher, is a world-renowned expert on Windows internals and security tools. She teaches security courses on advanced Windows topics with Winsider Seminars and Solutions. Previously she worked at CrowdStrike and SentinelOne researching and developing EDR capabilities. Outside of her primary work duties, she has spoken extensively on a variety of topics including CET internals, kernel exploit techniques, extension host hooking, and kernel exploit mitigations.
  • Adam Mely, a senior security research engineer, previously developed an agentless proactive malware hunting and incident response framework that has scaled to over 500,000 systems across a variety of Windows versions, configurations and architectures. He has also developed hardened Windows-based forensic storage and analysis tools to safely run critical processes on controversial systems and identify advanced attacks, indicators of compromise and deviations from baseline configurations.

The team will focus on the security boundaries of three logical layers of architecture: operating systems, virtualization, and hardware and architecture support. Initial research will cover hardware and firmware microarchitectures for the operating system and related system libraries, with expansion to other software ecosystems planned in the future. The work will result in similar outcomes to other projects undertaken by Trail of Bits: customer review reports, conference presentations, blog posts and other publications, as well as open-source tools to be published on GitHub.

The new effort will build on years of Windows-related work Trail of Bits has undertaken, such as a project with Facebook that resulted in the first Windows platform support for the open-source endpoint agent osquery. An extremely popular OS analysis tool, osquery allows security teams to create the custom queries needed to track security-related data.

Other Windows-based security projects include a tool to verify Authenticode signatures on Windows executables, a Rust-based sandbox for Windows Defender, and training code that allows researchers to investigate bugs and prevent them from becoming exploits.

Any organization interested in collaborating with this team can contact Trail of Bits to inquire about future projects. You can keep up to date with our latest news and announcements on Twitter (@trailofbits) and explore our public repositories on GitHub.

*** This is a Security Bloggers Network syndicated blog from the Trail of Bits blog written by Trail of Bits. Read the original post at: https://blog.trailofbits.com/2022/10/18/microsoft-windows-security-research-team/