The Windows Sandbox Paradox

Explore the challenges and vulnerabilities of Windows sandboxing in this 45-minute conference talk from nullcon Goa 2015. Delve into the complexities of securing user applications against Remote Code Execution (RCE) vulnerabilities, examining the limitations of Windows operating system in providing robust sandboxing solutions. Discover how missing features, poor documentation, and unexpected behaviors make creating secure sandboxes on Windows a daunting task. Analyze specific issues with built-in technologies like Windows 8 AppContainer and learn about interesting bugs in sandboxed applications such as Chrome, Internet Explorer, and Adobe Reader. Gain valuable insights into auditing sandboxes effectively and understanding the intricacies of Windows security mechanisms, including object security descriptors, access tokens, and resource access checks. Examine various sandboxing approaches, from user-mode implementations to kernel-level protections, and explore the challenges posed by device drivers, file systems, and IPC technologies. Enhance your knowledge of Windows security architecture and improve your ability to identify and mitigate sandbox-related vulnerabilities in applications.