James Forshaw presents on 'Surface-Attack-Surface: Bypassing Code Integrity in 140 Characters or Fewer' at BlueHat 2013.
Windows 8 RT was the first desktop version of Windowswhich heavily restricted what a normal user could execute. While it providedalmost a complete desktop environment only code signed by a trusted Microsoftcertificate was allowed to run. This represents a significantly differentsecurity environment to typical remote-code-execution mitigations which makesthe large attack surface interesting.
This presentation will go through some of the changesmade to the desktop environment from Windows 7 to make it harder to circumventthe restrictions, some of the known ways unsigned code can be executed, as wellas some of the changes in Windows 8.1 RT to mitigate these issues.
