• Infosec In the City (IIC)

Exploiting Windows Vista Resource Virtualization — by James Forshaw

Updated: Jun 19

#IICSG2019 Conference Deep-Tech Track


Day 1 (19 Jun 2019)

1.00pm—1.45pm

@ Breakout Room 1


[#IICSG2019 Conference Full Schedule]


Abstract

One of the big changes in Windows Vista was the introduction of UAC. Many Windows applications were written assuming they had complete control over all file and registry locations; by separating out administrators, UAC created an application compatibility nightmare. These existing applications would try and write to the Windows folder or HKEY_LOCAL_MACHINE and fail to work correctly or, in the worst cases, crash. In order to deal with the problem, Microsoft added file and registry virtualization, which transparently redirects administrator-only registry and file access to user-accessible locations. This code is complex and inevitably has security implications.

This presentation will go into how these virtualization mechanisms work on Windows 10 and explain in detail how I was able to exploit them for local privilege escalation.



All rights reserved.

IIC Productions (Pte. Ltd.) © 2017-2020.