Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Security B-Sides London 2014

29th April 2014 (that’s a Tuesday)
Kensington and Chelsea Town Hall, Hornton Street, London, W8 7NX
View analytic
Tuesday, April 29 • 11:00am - 11:45am
LOL (Layers On Layers) - bypassing endpoint security for fun and profit LIMITED

Sign up or log in to save this to your schedule and see who's attending!

Limited Capacity seats available

Over the past many years, there've been a plethora of security solutions available for Windows-based endpoints; many users and
administrators have difficulty in assessing their strengths and weaknesses. Interestingly, many of these solutions are basically
helpless against kernelmode malicious code. Each kernel patch/0day creates a hole for organizations that goes unnoticed by most.

In this talk, we will take the recent public exploit for EPATHOBJ Windows kernel vulnerability and show that with some tweaks, we can use it to bypass application sandboxes, AV, HIPS, rootkit detectors, EMET and SMEP - even if these solutions are stacked one upon other. We simply keep on tweaking the exploit until we bypass _every security software_ that you would expect on a corporate user machine. This highlights the fact that "defense in depth" based on simultaneous deployment of multiple solutions sharing the same weakness is not satisfactory; we postulate the need for defensive methods that are immune to kernelmode exploits, and discuss the possible implementations.

The issue is far from theoretical - the modern malware (e.g. TDL4) is already using this particular EPATHOBJ exploit to gain
privileges. Also, the Windows kernel vulnerabilities are frequent, and this is not going to change anytime soon - we have to live
with them and be able to defend against them.

Speakers
avatar for Rafal Wojtczuk

Rafal Wojtczuk

Principal Security Architect, Bromium, Inc.
Rafal Wojtczuk has over 15 years of experience with computer security. Specializing primarily in kernel and virtualization security, over the years he has disclosed many security vulnerabilities in popular operating system kernels and virtualization software. He is also well known for his articles on advanced exploitation techniques, including novel methods for exploiting buffer overflows in partially randomized address space environments... Read More →


Tuesday April 29, 2014 11:00am - 11:45am
Small Hall The Town Hall, Hornton Street, London W8 7NX