Thinking Outside The Sandbox - Violating Trust Boundaries in Uncommon Ways

by Brian Gorenc, Jasiel Spelman
Sept. 23, 2017 0 comments Black Hat belen_caty Pen Testing & Audits bypasstechniques sandbox

Our presentation will examine four bypass techniques successfully used in winning entries at this year's Pwn2Own contest. We will analyze the attack vector used, root causes, and possible fixes for each technique. These uncommon, yet highly effective, approaches have been used to bypass the most advanced application sandboxes in use today, and understanding them will provide a unique perspective for those working to find and verify such bypasses.