Explore the intricacies of Windows security mechanisms in this 27-minute conference talk from OffensiveCon23. Delve into the MojoBlob Registry, examining its code structure, service-side dispatch, and message validation processes. Gain insights into dispatch validators, request and response IDs, provider interfaces, and type confusion. Learn about potential security implications, including the classic blob registry and ways to disable message validation. Understand how these components interact and impact Windows system security through practical demonstrations and expert analysis.
Overview
Syllabus
Intro
Story
Overview
What is Mojo
Blob Registry
Code Structure
Service Side Dispatch
Message Dispatch
Return Types
Dispatch
Validator
Request ID
Response ID
Provider Interface
Type Confusion
Demo
Quote
Handles
Lunch time
Disable message validation
Classic blob registry
Taught by
OffensiveCon
