Escaping Windows Sandboxes - Tom Keetch - Hack in Paris

Explore the vulnerabilities in Microsoft's "practical sandboxing" techniques used by popular applications like Internet Explorer, Adobe Reader, and Google Chrome. Dive into an evaluation of three consumers of these sandbox mechanisms, examining their similarities, differences, and inherent flaws. Learn about exploit mitigations, integrity levels, and protection modes while understanding the methodology behind identifying weaknesses in these security measures. Gain insights into vendor responses and recent developments in sandbox escape techniques. This updated conference talk, originally presented at Black Hat Europe, offers a comprehensive look at escaping Windows sandboxes and the implications for memory corruption attacks.