Please provide updated WSL video at the next Black Hat conference or stand-alone

[WSLUser]

@ionescu007

The last video you posted about WSL is from Oct 15, 2016. As I'm sure you know, there have been a huge number of changes to WSL since then, especially between the release of Fall Creator's Update (build 16299) and now (Insider build 17101). Could you provide an updated video that covers the new scope of capabilities and vulnerabilities in a similar fashion to what you did in your video?

[ionescu007]

It wasn’t really a video, it was a conference talk :) so I would have to be invited by another conference and speak on the topic again.

On Wed, Feb 21, 2018 at 9:28 PM DarthSpock ***@***.***> wrote: @ionescu007 <https://github.com/ionescu007> The last video <https://www.youtube.com/watch?v=_p3RtkwstNk> you posted about WSL is from Oct 15, 2016. As I'm sure you know, there have been a huge number of changes to WSL since then, especially between the release of Fall Creator's Update (build 16299) and now (Insider build 17101). Could you provide an updated video that covers the new scope of capabilities and vulnerabilities in a similar fashion to what you did in your video? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#15>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFxIeEXu3PqkWABmiqUuXi-qJfiBcso5ks5tXCghgaJpZM4SNuam> .

-- Best regards, Alex Ionescu

[WSLUser]

Yes I thought it was very informative but was a bit outdated when I saw it. I would of thought Black Hat would want you to provide an updated presentation. That being said, I suppose you could do some sort of blog highlighting what you managed to get out of WSL with new functionality in place.

[WSLUser]

I had also just recently watched the Blue Hat conference video concerning WSL released early this month but wasn't anywhere the same in comparison to your conference video and was only addressing a type of vulnerability that no longer exists in post Creator's Update builds and of course, the guys thick Hebrew accent was making it harder to understand him. Only thing I really got out of it was, there's a way to get into the kernel from shm and has me thinking someone like you could make use of that for other than exploit reasons, such as causing whatever allows the Windows GUI to work for Windows apps called from Ubuntu or OpenSuse to allow Linux applications to be opened in a similar fashion. If there's a way to get into the kernel, there has to be a way to expose the hardware is my logic. Unfortunately I'm unable to test something along these lines myself.

[Biswa96]

@DarthSpock Your dream comes true (partially). BlackHat 2018 schedule.

[WSLUser]

Ha, yeah I saw on Twitter he'll be at BlackHat but not specifically for WSL but cool read nevertheless. I'm sure WNF could be used for WSL to bring out behaviors that have intentionally been left disabled.