Experts demonstrate that every new feature can be exploited to cause damage

May 9, 2012 12:19 GMT

This year’s Hack in the Box conference in Amsterdam promises a lot of great challenges, but also a number of interesting topics that will be presented by the speakers. Two of the subjects detailed at HITB will be the “Ghost in the Windows 7 allocator” and the new Windows 8 RunTime feature.

Sebastien Renaud, senior security researcher at Quarkslab, and Kevin Szkudlapski, the main developer of the Medusa disassembler, will detail Windows RunTime, or WinRT, and the security enhancements it brings. They will present the programming languages that will support it, the compiler’s protections, and its flaws.

They will also take a look at the application model and try to demonstrate how they can bypass the security checks and embed a piece of malware in a legitimate-looking application.

Renaud and Szkudlapski will show the technology that powers WinRT, its most important parts and the way they interact.

“Once we understand that, we will inspect the life and death of a WinRT application, from its start to the end of the process, in order to understand all security features involved,” the researchers wrote in their presentation.

Finally, they’ll analyze WinRT’s sandbox and compare it to the one utilized by Google Chrome. Also, they will introduce a concept called LowBox, which represents the implementation of the sandbox.

Another hot topic will be detailed by Steven Seeley, a senior penetration tester and security researcher at Stratsec BAE.

Since Windows 7 is an operating system utilized by millions of individuals and companies worldwide, the researcher focused on the ghost that haunts it, its heap manager.

Seeley has found that the mechanisms that limit the use of the operating system’s front-end allocator can be abused to launch an attack against the heap manager.

The expert will not only explain older ways to exploit the component, but also a new one that targets the Low Fragmentation Heap.