Sandboxes from a pen tester’s view

Presented at DerbyCon 3.0 All in the Family (2013), Sept. 29, 2013, 11 a.m. (50 minutes)

In this talk we’ll do an architectural decomposition of application sandboxing technology from a security perspective. We look at various popular sandboxes such as Google Chrome, Adobe ReaderX, Sandboxie amongst others and discuss the limitations of each technology and it’s implementation. Further, we discuss in depth with live exploits how to break out of each category of sandbox by leveraging various kernel and user mode exploits – something that future malware could leverage. Some of these exploit vectors have not been discussed widely and awareness is important.

Presenters:

• Rahul Kashyap
  Rahul Kashyap is Chief Security Architect, Head of Security Research at Bromium Labs. Before joining Bromium, he led the worldwide Vulnerability Research teams at McAfee Labs, a wholly owned subsidiary of Intel. He has led both offense and defense oriented research with focus on exploit prevention and mitigation. Rahul has published papers in renowned security journals, and has been a speaker at several security conferences such as Blackhat EU, InfoSec UK, Shakacon, RSA.

Links:

• https://infocon.org/cons/DerbyCon/DerbyCon 3 2013/video/Sandboxes From A Pen Testers View Rahul Kashyap.mp4

Similar Presentations:

• BSidesLV 2016 / An Adversarial View of SaaS Malware Sandboxes
• DEF CON 24 (2016) / Escaping The Sandbox By Not Breaking It
• Black Hat USA 2012 / Digging Deep Into The Flash Sandboxes