YoVDO

Cutting Edge - Microsoft Browser Security — From People Who Owned It

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Software Development Courses, Cybersecurity Courses, Inter-Process Communication Courses, Browser Security Courses

Course Description

Overview

Dive deep into the Microsoft Edge security architecture in this Black Hat conference talk, exploring sandbox initialization, browser broker implementation, inter-process communication, and renderer security isolation. Gain insights from security experts who have successfully exploited the browser, as they dissect the Universal Windows Platform, Edge's process structure, and various security mechanisms. Examine topics such as manager and content process startup, child process capabilities, JIT engine RPC, out-of-process COM activation, and Adobe Flash integration. Learn about potential vulnerabilities, including a bug in Macromedia Breeze, and understand how attackers navigate from Internet to Local zones, bypassing Same-Origin Policy restrictions.

Syllabus

Intro
Universal Windows Platform
Microsoft Edge Architecture
Manager Process Startup
Activation Information
Manager Process Capabilities
Content Process Startup
Child Process Token and Capabilities
Child Process Capability SIDs
JIT Engine RPC
Out-of-Process COM Activation
COM Security
LCIE IPC Message Security
Launch Browser Broker in Manager
Unmarshal Interface
Browser Broker Structure
Edge Process Integrity
Access Check
Trusted AC
ALL APPLICATION PACKAGES
Microsoft Edge Adobe Flash Integration
Flash Broker Permissions
Flash Broker Activation
Flash Broker Features
Launch Adobe Connect Add-in
A Bug in Macromedia Breeze
From Attackers' Perspective
Navigate from Internet Zone to Local Zone
Behind a Navigation
Exploit the SOP Bypass
Recap


Taught by

Black Hat
