Microsoft Release BlueHat 2013 Presentation

28 May 2014

James Forshaw presents on 'Surface-Attack-Surface: Bypassing Code Integrity in 140 Characters or Fewer' at BlueHat 2013.

Windows 8 RT was the first desktop version of Windowswhich heavily restricted what a normal user could execute. While it providedalmost a complete desktop environment only code signed by a trusted Microsoftcertificate was allowed to run. This represents a significantly differentsecurity environment to typical remote-code-execution mitigations which makesthe large attack surface interesting.

This presentation will go through some of the changesmade to the desktop environment from Windows 7 to make it harder to circumventthe restrictions, some of the known ways unsigned code can be executed, as wellas some of the changes in Windows 8.1 RT to mitigate these issues.

To watch James present live, click here to view a video.

To download a copy of the presentation slides click here.

CHECK IT Health Check Service
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider
ASSURE Cyber Supplier - CAA