
Abusing VBS Enclaves to Create Evasive Malware

Akamai·Ori David·about 1 month ago

Ori David is a Security Researcher at Akamai. His research is focused on offensive security, malware analysis, and threat hunting.

Malware that manages to run inside an enclave can be potentially invisible to memory-based detection and forensics.

Contents

1. Introduction
2. Virtual Trust Levels
3. What are VBS enclaves?
4. Enclave malware
5. Detection
6. Conclusion
7. Acknowledgments

Introduction

Virtualization-based security (VBS) is one of the most fascinating recent security advancements. The ability to isolate critical components of the OS has enabled Microsoft to achieve substantial security improvements with features like Credential Guard and Hypervisor-Protected Code Integrity (HVCI).…
