Explore the process of discovering sandbox escapes in Internet Explorer 11 during Microsoft's bug bounty program in this Black Hat conference talk. Delve into the methodology used to uncover four significant vulnerabilities in the IE11 sandbox implementation, some of which have persisted since Vista and IE7. Learn about the Enhanced Protected Mode (EPM) sandbox and its utilization of Windows 8's App Container mechanism. Gain insights into investigating the IE11 sandbox, executing custom code, and analyzing attack surfaces. Examine the provided sample source code for each vulnerability to test and understand the issues firsthand. Note that participation requires Windows 8.1 RTM installation and tools such as Visual Studio 2013 and IDA Pro for analysis and development of sandbox escape examples.
Overview
Syllabus
Digging for IE11 Sandbox Escapes Part 1
Taught by
Black Hat