Exploiting Windows COM/WinRT Services

Presented at Black Hat USA 2021, Aug. 5, 2021, 2:30 p.m. (30 minutes)

The Component Object Model (COM) and the Windows Runtime (WinRT) are used throughout Windows: COM as the standard mechanism for cross-process communication, and WinRT as the API surface for UWP applications. Both expose a large attack surface in which to hunt for local privilege escalation (LPE), remote code execution (RCE) and sandbox escape vulnerabilities. In the past year, we have found more than 100 bugs in COM/WinRT services. We classify these vulnerabilities by type (use-after-free, out-of-bounds read/write, type confusion, and arbitrary read/write). We will share how we found these bugs and the exploitation tricks we used for some of them.


Presenters:

  • Zhiniang Peng - Principal Security Researcher , Sangfor
    Dr. Zhiniang Peng (@edwardzpeng) is the Principal Security Researcher at Sangfor. His current research areas include applied cryptography, software security and threat hunting. He has more than 10 years of experience in both offensive and defensive security and has published much research in both academia and industry. Dr. Peng is also a bug hunter in his free time, and he has ranked #1 on the MSRC Most Valuable Security Researcher list for three consecutive quarters.
  • XueFeng Li - Security Researcher, Sangfor
    Xuefeng Li (@lxf02942370) is an intern at Sangfor and a student at South China University of Technology. He has been engaged in Windows vulnerability hunting and exploitation for almost one year and ranked #10 on the MSRC Most Valuable Security Researcher list in 2020.
