Diving Into IE 10's Enhanced Protected Mode Sandbox

Presented at Black Hat Asia 2014, Unknown date/time (Unknown duration)

With the release of Internet Explorer 10 in Windows 8, an improved version of IE's Protected Mode sandbox, called Enhanced Protected Mode (EPM), was introduced. With the use of the new AppContainer process isolation mechanism introduced in Windows 8, EPM aims to further limit the impact of a successful IE compromise by limiting both read and write access and limiting the capabilities of the sandboxed IE process.

Presenters:

• Mark Vincent Yason - IBM
  Mark Vincent Yason is a security researcher on IBM's X-Force Advanced Research team. Mark's current focus area is vulnerability and exploit research. He analyzes known vulnerabilities, discovers new vulnerabilities, studies exploitation techniques, and creates detection guidance/algorithms that are used in the development of IDS/IPS signatures. He also previously worked on malware research that naturally involved some degree of software protection research. He authored the paper, "The Art of Unpacking" and co-authored the papers, "Reversing C++", "Playing In The Reader X Sandbox" and "Digging Deep Into The Flash Sandboxes", all of which were previously presented at Black Hat.

Links:

• https://www.blackhat.com/asia-14/briefings.html#Yason
• https://www.youtube.com/watch?v=1tBCuYL69Ww

Similar Presentations:

• Black Hat USA 2010 / Standing on the Shoulders of the Blue Monster: Hardening Windows Applications
• ShmooCon XI (2015) / The Windows Sandbox Paradox
• Black Hat Europe 2015 / Hey Man Have You Forgotten to Initialize Your Memory?