Overview
Explore the evolution and vulnerabilities of Internet Explorer's silent exploit mitigations in this 47-minute Black Hat conference talk. Delve into the Isolated Heap and MemoryProtection strategies introduced by Microsoft in 2014 to combat use-after-free vulnerabilities. Examine how these mitigations function, their weaknesses, and the techniques attackers employ to bypass them. Learn about using MemoryProtection as an oracle to circumvent ASLR and discover additional recommended defenses to further secure Internet Explorer against emerging attack vectors. Gain valuable insights from security experts Brian Gorenc, Abdul-Aziz Hariri, and Simon Zuckerbraun on the complexities of browser security and exploit mitigation.
Syllabus
Abusing Silent Mitigations - Understanding Weaknesses Within Internet Explorer
Taught by
Black Hat