Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

The Subway Line 8 - Exploitation of Windows 8 Metro Style Apps

Type
Paper
Tags
Windows
Authors
Ming-chieh Pan, Sung-ting Tsai
Event
Black Hat USA 2012
Indexed on
May 26, 2014
URL
https://media.blackhat.com/bh-us-12/Briefings/Tsai/BH_US_12_Tsai_Pan_Exploiting_Windows8_WP.pdf
File name
BH_US_12_Tsai_Pan_Exploiting_Windows8_WP.pdf
File size
2.7 MB
MD5
246dbd53e4a52e5e29306565535f8496
SHA1
5a141d8e8d4e2f9726c9518f2350c215a9bf48f5

Windows 8 introduces lots of security improvements; one of the most interesting features is the Metro-style app. It not only provides fancy user interface, but also a solid application sandbox environment. All Metro-style applications run in AppContainer, and the AppContainer sandbox isolates the execution of each application. It can make sure that an App does not have access to capabilities that it hasn't declared and been granted by the user. This presentation will introduce the design of Metro-style app as well as AppContainer sandbox. We will dive into details of the architecture and see how it works, how does it protect from a malicious App attack. After reviewing the design, we are going to look for possible attack vectors to bypass the sandbox. Analysis will start from low level to high level. We will describe how we find the target to attack, and how we do analyze in different layers, such as debug of APLC, COM server attack, WinRT API fuzzing, and logic flaw discovery. Not only the methodology, we will also demonstrate some problems we have discovered, including tricks to bypass AppContainer to access files, launch program, and connect to Internet.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.

Statistics

Serving 8165 documents and 530.8 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.

Contribute

To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !