Provoking Windows presented at DragonCon 2016

by Jeremy Brown,

Summary : Attack surface on Windows is vast and full of opportunities. It has been explored upside down and inside out, although there's always room for other ways to look at it. In this talk, I'll be discussing how to discover attack surface by poking the OS in various ways to reveal interfaces and opportunities often otherwise found by either luck or winning a timing race. Starting a discussion on these components will shake out new bugs or design subtleties as they may have yet to be audited in depth. We'll walk through tooling for both the offensive and defensive angles. I'll be looking at the latest version of Windows 10 and also Server. If you're interested in finding vulnerabilities in the most prevalent platform on earth, or a developer with the urge to know more about application security, this talk is for you and will probably give you some new ideas.