After a bit of a hiatus, I am back to finish up this series on Security Through Process Isolation. In my last entry I covered some of the details on how the registry filtering subsystem, or CM, manages contexts and how, as a registry filter driver, one can register a callback for registry accesses. In this… Continue Reading …