Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The Sandbox Roulette - Are You Ready For The Gamble?

Black Hat via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the vulnerabilities and limitations of application sandboxes in this Black Hat EU 2013 conference talk. Dive into the "Sandbox Roulette" as presenters Rafal Wojtczuk and Rahul Kashyap demonstrate various exploit vectors targeting Windows Operating System vulnerabilities and assess how different commercial sandboxes fare against each attack. Gain insights into the growing trend of application sandboxing in enterprise security, the lack of standardization, and the potential risks when malware analysts use sandboxes. Examine the architectural decomposition of sandboxing technologies, comparing different vendor solutions and evaluating their effectiveness in protecting enterprise data and infrastructure. Learn about sophisticated malware techniques likely to target sandboxes in the future, and discover the real solutions to enhance sandbox security.

Syllabus

Intro
Types of Sandboxes
Windows Internals
State of Windows Security
How does Sandbox work
Example
OS Enhancement Based Sandbox
The Problem
First Vulnerability
Bypass the Sandbox
Buffer Zone Pro Bypass
Secret File Bypass
Type 2 Sandboxes
Type 2 Sandbox
Chromium Sandbox
Chromium Documentation
Chrome Sandbox Demo
Can the Sandbox Stand Ground
Adobe Reader Exploit
Chrome Exploit
untrusted integrity level
podium contest
kernel vulnerability
truetype vulnerability
duotext vulnerability
methodology
Truetype vulnerabilities
Acrobat Reader
Result
Windows kernel vulnerabilities
Alternatives
The Real Solution

Taught by

Black Hat

Reviews

Start your review of The Sandbox Roulette - Are You Ready For The Gamble?

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.