Shatter Reloaded: Reviving shatter attacks to escape sandboxes and evade endpoint security products

Presented at Disobey 2020, Feb. 14, 2020, 1 p.m. (60 minutes).

Shatter attacks were all the rage in 2003 but were quickly neutralized by DEP, UIPI and Session 0 isolation. 15 years later, confronted with a commercial sandbox product on the one hand, and with state-of-the-art security endpoint products on the other - we brought Shatter attacks back to life, extending and weaponizing them to be useful once more. We'll start this talk with a quick intro to the classical Shatter attacks and continue to share the full, low-level, details on our reincarnation of them, including a live demo.

Presenters:

• Eran Zimmerman Gonen - Engineering Lead of Accenture Security Israel
  Eran Zimmerman Gonen is the Engineering Lead of Accenture Security Israel. Prior to that, he was part of an elite IDF cyber unit. He has 16 years of software development and engineering experience, 11 of which in the field of cyber security. He has a B.Sc. (summa cum laude) in Software Engineering and M.E. in Systems Engineering.

Links:

• https://disobey.fi/2020/profile/shatter_reloaded
• https://www.youtube.com/watch?v=1LSvGZCoAVc

Similar Presentations:

• DEF CON 24 (2016) / Escaping The Sandbox By Not Breaking It
• VB2016 / Last-minute paper: The Beginning of the End(point): Where we are now and where we'll be in five years