Escaping Windows Sandboxes - Tom Keetch - Hack in Paris
Offered By: Hack in Paris via YouTube
Course Description
Overview
Explore the vulnerabilities in Microsoft's "practical sandboxing" techniques used by popular applications like Internet Explorer, Adobe Reader, and Google Chrome. Dive into an evaluation of three consumers of these sandbox mechanisms, examining their similarities, differences, and inherent flaws. Learn about exploit mitigations, integrity levels, and protection modes while understanding the methodology behind identifying weaknesses in these security measures. Gain insights into vendor responses and recent developments in sandbox escape techniques. This updated conference talk, originally presented at Black Hat Europe, offers a comprehensive look at escaping Windows sandboxes and the implications for memory corruption attacks.
Syllabus
Introduction
Exploit Mitigations
Overview
Methodology
Protector Mode
Checklist
Integrity Levels
Protection Mode
Weaknesses
Renderer
Taught by
Hack in Paris
Related Courses
NetflOSINT- Taking an Often-Overlooked Data Source and Operationalizing It - Joe Gray - Hack in ParisHack in Paris via YouTube All Roads Lead to OpenVPN Pwning Industrial Remote Access Clients - Sharon Brizinov - Hack in Paris - 2021
Hack in Paris via YouTube Exploits in Wetware - R. Sell - Hack in Paris - 2019
Hack in Paris via YouTube All Your GPS Trackers Belong to Us - C. Kasmi, P. Barre - Hack in Paris - 2019
Hack in Paris via YouTube In NTDLL I Trust - Process Reimaging and Endpoint Security Solution Bypass - E. Carroll - Hack in Paris - 2019
Hack in Paris via YouTube