RT-3015 COModo - From Sandbox to SYSTEM

Presented at Texas Cyber Summit 2019, Oct. 12, 2019, 3:30 p.m. (60 minutes).

Its 2019, Application Containment is all the rage and various vendors implement it in different ways, but do they always do it correctly? You probably wouldn't be reading this if they did. Come join me as I walk through 5 CVEs I discovered this year affecting Comodo Antivirus and their Containment technology. This talk explain how we abuse COM, Signed Binary bypasses, LPC/ALPC, and chaining of various vulns to successfully escape the Comodo Sandbox Container and Privilege Escalate ourselves to SYSTEM.

Presenters:

• David Wells - Tenable
  David Wells is a former Malware Reverse Engineer with strong emphasis on Windows Internals. David currently works on Tenable’s Zero Day Research team, uncovering new 0-day vulnerabilities in targets ranging from routers to well known applications and Operating Systems.

Links:

• https://texascybersummitii2019.sched.com/event/W6NV/rt-3015-comodo-from-sandbox-to-system