YoVDO

The Windows Sandbox Paradox

Offered By: nullcon via YouTube

Tags

nullcon Courses Cybersecurity Courses Software Vulnerabilities Courses Sandboxing Courses

Course Description

Overview

Explore the challenges and vulnerabilities of Windows sandboxing in this 45-minute conference talk from nullcon Goa 2015. Delve into the complexities of securing user applications against Remote Code Execution (RCE) vulnerabilities, examining the limitations of Windows operating system in providing robust sandboxing solutions. Discover how missing features, poor documentation, and unexpected behaviors make creating secure sandboxes on Windows a daunting task. Analyze specific issues with built-in technologies like Windows 8 AppContainer and learn about interesting bugs in sandboxed applications such as Chrome, Internet Explorer, and Adobe Reader. Gain valuable insights into auditing sandboxes effectively and understanding the intricacies of Windows security mechanisms, including object security descriptors, access tokens, and resource access checks. Examine various sandboxing approaches, from user-mode implementations to kernel-level protections, and explore the challenges posed by device drivers, file systems, and IPC technologies. Enhance your knowledge of Windows security architecture and improve your ability to identify and mitigate sandbox-related vulnerabilities in applications.

Syllabus

Intro
What I'm Going to Talk About
Sandboxing Requirement #1
Typical User-Mode Approach
Object Security Descriptor
Resource Access Check
Owner Check
Kernel DACL Check
Kernel Access Check
Restricted Access Tokens
Restricted Token Access Check
Crash!
Process Initialization
Device Drivers
Opening a Device Name
Securing the Device
Example: Windows Sockets
Native Sockets
Accessing Resources
Direct Resource Access
Sharing Resource Access
Bad Registry
IE EPM Escape / Audio Server
Lack of Documentation
Broker Resource Access
Win32 Path Support
Legacy Filesystem Behaviour
Canonicalization
Device Escape Syntax
Invalid Character Checks
Hybrid Resource Access
Reparse Points
Mixed Semantics
Sharing Sections
Unnamed Resources
IPC Technologies
Named Pipes
Chrome CreateNamed Pipe IPC
Reducing Kernel Attack Surface
The Good Parts
LowBox Token Access Check
Integrity Level Check
Mandatory Integrity Level Checi


Taught by

nullcon

Related Courses

Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations
Graz University of Technology via edX Become a Cybersecurity Professional
LinkedIn Learning CASP+ Cert Prep: 2 Enterprise Security Architecture
LinkedIn Learning Learning the OWASP Top 10
LinkedIn Learning Learning the OWASP Top 10 (2018)
LinkedIn Learning