The Joy of Sandbox Mitigations

Presented at TROOPERS16 (2016), March 17, 2016, 2:30 p.m. (Unknown duration)

When researchers think of Microsoft Windows process mitigations they're likely to come up with DEP and ASLR. However Microsoft has been adding a number lesser known mitigations ranging from blocking Win32k system calls to reducing a sandbox's attack surface which already assume RCE has been achieved. This presentation will describe the implementation of these less well known mitigations, some silly bypasses and bugs in their implementations as well as how you can use them in real world code to improve the security of your own applications.

Presenters:

• James Forshaw
  James is a security researcher in Google's Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he has numerous disclosures in a wide range of products from web browsers to virtual machine breakouts as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate.

Links:

• https://troopers.de/events/troopers16/644_the_joy_of_sandbox_mitigations/
• https://infocon.org/cons/TROOPERS/TROOPERS 2016/The Joy of Sandbox Mitigations.mp4
• https://troopers.de/media/filer_public/f6/07/f6076037-85e0-42b7-9a51-507986edafce/the_joy_of_sandbox_mitigations_export.pdf

Similar Presentations:

• Objective by the Sea version 2.0 (2019) / A Few JSC Tales
• Black Hat USA 2014 / Digging for IE11 Sandbox Escapes
• ShmooCon XII (2016) / The Road to SYSTEM: Recycling Old Vulnerabilities for Unpatched Privilege Escalation and A New Network Attack