Shatter Reloaded: Reviving shatter attacks to escape sandboxes and evade endpoint security products presented at BSidesTLV 2020

by Gil Fidel

Summary: Shatter attacks were all the rage in 2003 but were quickly neutralized by DEP, UIPI and Session 0 isolation. 15 years later, confronted with a commercial sandbox and with state-of-the-art endpoint security products – we brought Shatter attacks back to life, extending and weaponizing them to be useful once more. In this talk, we’ll present a novel code injection technique that uses an enhanced shatter attack to stealthily inject code into Windows Explorer on Win7 & Win10.