BH_US_12_Tsai_Pan_Exploiting_Windows8_WP

Recommendations

Info

You must know API before fuzzing it. The metro style app API can be categorized in UI, Device, Media, Communication & data and Fundamentals. As for the testing to WinRT, we can apply the same methods with other application fuzzing, such as IE : append some abnormal arguments or tags to all methods, and see if something was going wrong. All we have to do is iterating all mutations and combinations through each API. 5.2 A Broker Process Memory Corruption During the testing, we discovered a memory corruption problem in a broker process – OpenWith.exe. And we found this is possible exploitable: 22
We used !exploitable Crash Analyzer (MSEC Debugger Extension), a windbg plugin to investigate this bug and found it to be exploitable. Like picture shows: Call dword ptr [ecx+18h]. And it also shows “PROBABLY_EXPLOITABLE” 23
Page 1 and 2: The Line 8 Subway Exploitation of W
Page 3 and 4: 5.2 A Broker Process Memory Corrupt
Page 5 and 6: When users get apps from the Window
Page 7 and 8: The architecture provides safe, sec
Page 9 and 10: Sending message or keyboard events
Page 11 and 12: 3. Debug of ALPC communication The
Page 13 and 14: Please be noted that this hook is a
Page 15 and 16: 4. Attack COM server 4.1 COM on Win
Page 17 and 18: In this sample, TabTip is a COM ser
Page 19 and 20: 4.4 Find Interface and Functions Af
Page 21: 4.7 Attack Trend Since there are mo
Page 25 and 26: This bug was fixed in Release Previ
Page 27 and 28: Launch cmd.exe in a Metro Style App
Page 29 and 30: 6.3 Bypass File/Folder Access Durin
Page 31 and 32: {549E57E9-B362-49D1-B679-B64D510EFE
Page 33 and 34: DEBUG_FLR_IMAGE_TIMESTAMP: 4f3f076c

BH_US_12_Tsai_Pan_Exploiting_Windows8_WP

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?