EXPLOITATION OF WINDOWS 8 METRO STYLE APPS presented at BlackHat USA 2012

by Sung-ting Tsai, Ming-chieh Pan

Tags: Exploitation Windows 8 AppContainer Sandbox

Summary: "Windows 8 introduces lots of security improvements; one of the most interesting features is the Metro-style app. It not only provides a fancy user interface, but also a solid application sandbox environment.
All Metro-style applications run in AppContainer, and the AppContainer sandbox isolates the execution of each application. It can make sure that an App does not have access to capabilities that it hasn't declared and been granted by the user.
This presentation will introduce the design of the Metro-style app as well as the AppContainer sandbox. We will dive into details of the architecture and see how it works and how it protects against a malicious App attack. After reviewing the design, we will discuss some logic flaws that we have discovered, and demonstrate how we bypass AppContainer to access files, launch programs, and connect to the Internet. We will also introduce how we implement exploit/shellcode in a Metro-style app by demonstrating a memory corruption vulnerability in a Broker process."