This paper evaluates the feasibility of an attack on the Asynchronous Local Procedure Call (ALPC) connection in the Windows operating system carried out through the kernel, and proposes a method of protection against this type of attack. Attackers disrupt the operation of antivirus and Endpoint Detection and Response (EDR) systems by interfering with components of the ALPC mechanism. To counter these threats, a protection tool named ALPChecker has been developed and tested.


Publication date: 4 Jan 2024
Project Page: Not provided
Paper: https://arxiv.org/pdf/2401.01376