If you’re using Internet Explorer in immersive mode on Windows 8/8.1 to browse Internet web sites, under the hood, your browser will be running inside the Enhanced Protected Mode sandbox. Enhanced Protected Mode (EPM) is the sandboxing mechanism in IE that attempts to prevent a successful remote exploit from installing persistent malware and from stealing personal/sensitive information.
Enhanced Protected Mode was first introduced in IE 10 on Windows 8 and it is the improved version of the Protected Mode sandbox first introduced in IE 7 on Windows Vista. And as with other security features in widely deployed software, it is important to understand how the EPM sandbox works and assess its effectiveness.
Next week, I’ll be presenting my EPM sandbox research at Black Hat Asia 2014 in Singapore. In my talk, I’ll be discussing the internals of the EPM sandbox which includes the sandbox restrictions in place and the different components that make up of the EPM sandbox. I’ll then cover sandbox security where I’ll be discussing its limitations/weaknesses and the potential vectors for sandbox escape. And finally, I’ll wrap up by demonstrating a live EPM sandbox escape!
If you’re at Black Hat Asia next week, please drop by at my talk! (Briefings Day 2 – March 28, 9:00 am, Begonia 3011)
(Stay tuned after my Black Hat Asia presentation for a follow up post which will summarize my findings.)
No comments:
Post a Comment