#HITB2012AMS - WinRT and the "Ghost" in the Windows 7 Allocator
This year’s Hack in the Box conference in Amsterdam promises a lot of great challenges, but also a number of interesting topics that will be presented by the speakers. Two of the subjects detailed at HITB will be the “Ghost in the Windows 7 allocator” and the new Windows 8 RunTime feature.
Sebastien Renaud, senior security researcher at Quarkslab, and Kevin Szkudlapski, the main developer of the Medusa disassembler, will detail Windows RunTime, or WinRT, and the security enhancements it brings. They will present the programming languages that will support it, the compiler’s protections, and its flaws.
They will also take a look at the application model and try to demonstrate how they can bypass the security checks and embed a piece of malware in a legitimate-looking application. Renaud and Szkudlapski will show the technology that powers WinRT, its most important parts and the way they interact. “Once we understand that, we wil inspect the life and death of a WinRT application, from its start to the end of the process, in order to understand all security features involved,” the researchers wrote in their presentation.
- Thu, 2013-05-23 10:39
- Thu, 2013-03-14 20:45
- Thu, 2013-01-03 08:54