The Subway Line 8 - Exploitation of Windows 8 Metro Style Apps

Explore the security features and potential vulnerabilities of Windows 8 Metro-style apps in this 57-minute Black Hat USA 2012 conference talk. Delve into the architecture of the AppContainer sandbox environment, designed to isolate and protect Metro-style applications. Learn about the security improvements introduced in Windows 8 and how they impact app execution. Discover various attack vectors and methodologies for bypassing the sandbox, including APLC debugging, COM server attacks, WinRT API fuzzing, and logic flaw discovery. Witness demonstrations of discovered vulnerabilities, such as techniques to circumvent AppContainer restrictions for file access, program launching, and internet connectivity. Gain insights into the complex interplay between enhanced security measures and potential exploitation techniques in Windows 8's Metro-style app ecosystem.