Automated Discovery of Logical Privilege Escalation Bugs in Windows 10

Explore an innovative approach to automated discovery of logical privilege escalation vulnerabilities in Windows 10 services in this 50-minute conference talk from the Hack In The Box Security Conference. Delve into the methodology for building an automated system that simulates user interactions and calls related interfaces to uncover and preliminarily analyze logical vulnerabilities. Learn how the speakers leveraged historical bug analysis and minimal Windows internals knowledge to develop this technique. Gain insights into their examination of Advanced Local Procedure Call (ALPC) in Windows, which led to the discovery of a local privilege escalation bug. Understand the challenges of overcoming security checks like TOCTOU problems and the advanced skills employed to bypass these checks. Discover how the automated discovery system was constructed and successfully identified three new vulnerabilities in just one week.