Slide 1
Slide 1
Slide 1
Slide 1
Slide 1
Slide 1
Slide 1

ONLINE REGISTRATION CLOSES OCT 13TH AT 23:59 MYT

           

Walk in registrations at The InterContinental for the conference on 16th and 17th are still accepted (walk-in rate MYR1499).

For up-to-the-minute updates on #HITB2013KUL including on-site happenings during the event, please follow @hitbsecconf on Twitter.

Mark Vincent Yason (Security Researcher, IBM X-Force)

PRESENTATION TITLE: Diving Into IE 10′s Enhanced Protected Mode Sandbox

PRESENTATION ABSTRACT:

With the release of Internet Explorer 10 in Windows 8, an improved version of IE’s Protected Mode sandbox, called Enhanced Protected Mode (EPM), was introduced. With the use of the new AppContainer process isolation mechanism introduced in Windows 8, EPM aims to further limit the impact of a successful IE compromise by limiting both read and write access and limiting the capabilities of the sandboxed IE process.

As with other new security features integrated in widely-deployed software, it is just prudent to look at how EPM works internally and also evaluate its effectiveness. This presentation aims to provide both by delving deep into the internals and assessing the security of IE 10’s Enhanced Protected Mode sandbox.

The first part of this presentation will focus on the inner workings of the EPM sandbox where topics such as the sandbox restrictions in place, the inter-process communication mechanism in use, the services exposed by the higher-privileged broker process, and more are discussed. The second part of this presentation will cover the security aspect of the EPM sandbox where its limitations are assessed and potential avenues for sandbox escape are discussed.

Finally, in the end of the presentation, an EPM sandbox escape exploit will be demonstrated. The details of the underlying vulnerability, including the thought process that went through in discovering it will also be discussed.

ABOUT MARK VINCENT YASON

Mark Vincent Yason is a security researcher on IBM’s X-Force Advanced Research team. Mark’s current focus area is vulnerability and exploit research – he analyzes known vulnerabilities, discovers new vulnerabilities, studies exploitation techniques, and creates detection guidance/algorithms which are used in the development of IDS/IPS signatures. He also previously worked on malware research which naturally involved some degree of software protection research. He authored the paper “The Art of Unpacking” and co-authored the papers “Reversing C++”, “Playing In The Reader X Sandbox” and “Digging Deep Into The Flash Sandboxes”.

EVENT ORGANIZER

SUPPORTED AND ENDORSED BY

TITANIUM SPONSOR (SPEAKERS RECEPTION + POST CONFERENCE RECEPTION)

GOLD SPONSORS

SILVER SPONSORS

CTF SPONSOR

CTF PRIZE SPONSOR

INTERNET CONNECTIVITY PARTNER

ALCO_PWN SPONSOR (POST CONFERENCE RECEPTION)

HackWEEKDAY Official Ride Partner

SUPPORTING MEDIA

FRIENDS OF HITB

Copyright © 2013 Hack In The Box | http://www.hackinthebox.org