A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Sandboxes from a pen tester’s view - Rahul Kashyap Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)

Sandboxes from a pen tester’s view - Rahul Kashyap
Derbycon 2013

Description: In this talk we’ll do an architectural decomposition of application sandboxing technology from a security perspective. We look at various popular sandboxes such as Google Chrome, Adobe ReaderX, Sandboxie amongst others and discuss the limitations of each technology and it’s implementation. Further, we discuss in depth with live exploits how to break out of each category of sandbox by leveraging various kernel and user mode exploits – something that future malware could leverage. Some of these exploit vectors have not been discussed widely and awareness is important.

Bio: Rahul Kashyap is Chief Security Architect, Head of Security Research at Bromium Labs. Before joining Bromium, he led the worldwide Vulnerability Research teams at McAfee Labs, a wholly owned subsidiary of Intel. He has led both offense and defense oriented research with focus on exploit prevention and mitigation. Rahul has published papers in renowned security journals, and has been a speaker at several security conferences such as Blackhat EU, InfoSec UK, Shakacon, RSA.

Back to Derbycon 2013 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast