Cutting Edge - Microsoft Browser Security — From People Who Owned It

Dive deep into the Microsoft Edge security architecture in this Black Hat conference talk, exploring sandbox initialization, browser broker implementation, inter-process communication, and renderer security isolation. Gain insights from security experts who have successfully exploited the browser, as they dissect the Universal Windows Platform, Edge's process structure, and various security mechanisms. Examine topics such as manager and content process startup, child process capabilities, JIT engine RPC, out-of-process COM activation, and Adobe Flash integration. Learn about potential vulnerabilities, including a bug in Macromedia Breeze, and understand how attackers navigate from Internet to Local zones, bypassing Same-Origin Policy restrictions.

Intro
Universal Windows Platform
Microsoft Edge Architecture
Manager Process Startup
Activation Information
Manager Process Capabilities
Content Process Startup
black hat Child Process Token and Capabilities
Child Process Capability SIDs
JIT Engine RPC
Out-of-Process COM Activation
COM Security
LCIE IPC Message Security
black hat Launch Browser Broker in Manager
Unmarshal Interface
Browser Broker Structure
Edge Process Integrity
Access Check
Trusted AC
black hat ALL APPLICATION PACKAGES
Microsoft Edge Adobe Flash Integration
Flash Broker Permissions
Flash Broker Activation
Flash Broker Features
Launch Adobe Connect Add-in
A Bug in Macromedia Breeze
From Attackers' Perspective
Navigate from Internet Zone to Local Zone
Behind a Navigation
Exploit the SOP Bypass
Recap