AtomBombing: Injecting Code Using Windows’ Atoms presented at BSidesSanFrancisco 2017

by Udi Yavo, Tal Liberman

Summary: In this talk we present a code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Asynchronous Procedure Calls (APCs). At the time of its release (October 2016), AtomBombing went undetected by common security solutions that focused on preventing infiltration.
AtomBombing affects all Windows versions. In particular, we tested it against Windows 10 and Windows 7.
Unfortunately, this issue cannot be patched by Microsoft since it doesn’t rely on broken or flawed code, but rather on how these operating system mechanisms are designed.