

Sébastien Renaud (Senior Security Researcher, Quarkslab) & Kevin Szkudlapski (Junior Security Researcher, Quarkslab)

PRESENTATION TITLE: WinRT: The Metro-politan Museum of Security

PRESENTATION ABSTRACT:

Windows 8 will come with many changes compared to Windows 7: not only the new Metro interface and ARM support, but also changes from a security point of view, with one of the main features being the new Windows Runtime, codenamed WinRT.

In this session, we will provide a bird's-eye view of what exactly WinRT is and what new security it provides. We will then look at it as a programmer: which languages will support it, how it can be accessed natively when it is not supposed to be, compiler protections such as SAFESEH, DYNAMICBASE and NXCOMPAT, and much more.

Along with this, we will also focus on the new application model. All applications intended for this runtime will be distributed by Microsoft through an online store and will be checked and signed. Microsoft provides a tool to pre-test your own applications before submitting them. We will demonstrate how we can bypass all the checks made by this tool to call forbidden APIs, and embed malware in valid applications.

Next, we will go into WinRT's internals in user land. We will show that the Windows registry is still here and at the heart of the WinRT technology. We'll take three important parts of WinRT (Contract, Extension and Class) and demonstrate how all of these parts interact. Once we understand that, we will inspect the life and death of a WinRT application, from its start to the end of the process, in order to understand all the security features involved.

Last but not least, we will have a look at the new WinRT sandbox, comparing it to Chrome's. We will introduce what we call the LowBox model, the term we use for the implementation of the sandbox used in the context of WinRT. We will explain the core features used by the Windows Runtime's sandbox. An abundantly commented reimplementation in C of the core of the sandbox will also be delivered.

ABOUT SEBASTIEN RENAUD

Sébastien Renaud is a senior security researcher at Quarkslab focusing on reverse engineering, vulnerability research and analysis with an emphasis on the Windows operating system. He enjoys programming tools and dissecting file formats and network protocols.

ABOUT KEVIN SZKUDLAPSKI

Kevin Szkudlapski is a junior security researcher working on reverse engineering and low-level development. He enjoys studying new architectures and analysing how software communicates with hardware. He is the main developer of the medusa disassembler.

Okura Hotel Amsterdam
Ferdinand Bolstraat 333, 1072 LH Amsterdam,
The Netherlands

QUAD TRACK CONFERENCE – 24th & 25th of May / 0900 – 1800

Featuring keynotes by BRUCE SCHNEIER and ANDY ELLIS




Copyright © 2012 Hack In The Box | http://www.hackinthebox.org
