Introduced in Windows 8, the Windows Runtime (WinRT) revolutionized the way applications were developed by discarding the old Win32 APIs in favor of cross language, modern, securable class library. Rather than coming up with a new middleware for implementing WinRT Microsoft decided to use COM as the underlying technology.
This presentation will contain a deep-dive into how the WinRT APIs are implemented, their security properties and provides information on how to inspect the runtimeโs attack surface from a sandboxed application.