COM-pletely Unplanned: A Windows Bug Hunter's Journey to LPE

Dongjun Kim, Jongseong Kim | Day 1, 2:50pm - 3:35pm

Abstract

Component Object Model (COM) has been gaining attention as a new attack surface in Windows. While kernel vulnerabilities have been well-studied, many COM components remain unexplored from a security perspective.

Our research dug into these overlooked COM components using both established and novel bug patterns. We'll take you through our journey - from initial bug hunting to developing exploits that break through security boundaries. We discovered race conditions, type confusion bugs, and logic flaws that allowed us to escape multiple sandboxes.

From over 10 vulnerabilities we uncovered, we'll present 4 critical bugs that successfully compromised AppContainer and Adobe Acrobat's Sandbox.

The Speaker(s)

Dongjun Kim

Dongjun Kim is an offensive security researcher at Enki Whitehat. He has reported multiple vulnerabilities in Windows and Apple software. He is currently researching Windows exploitation and fuzzing techniques.

Jongseong Kim

Jongseong Kim is a security researcher affiliated with Ajou University and ENKI WhiteHat. He is passionate about Windows offensive security, and over the past year he has consistently identified Windows vulnerabilities. He was a speaker at the CODEBLUE 24 Conference, where he presented on Windows kernel driver fuzzing.