Be the first to like this
In this talk we cover in-depth architecture details of windows application sandboxes like Google Chrome, Adobe Reader, Sandboxie. Then we look at the design assumptions these sandboxes make. Are these assumptions the weakest link? After this decomposition, we'll do live exploit demos to bypass these sandboxes; not by exploiting vulnerabilities in them - rather by exploiting the architectural assumptions. The talk will also cover aspects of windows internals, kernel mode vulnerabilities and also give ideas on generic ways how to pivot out of some sandboxes. For the malware analyst or security practitioner - this talk will also cover the perils of doing unknown malware analysis inside sandboxes.