When researchers think of Microsoft Windows process mitigations they're likely to come up with DEP and ASLR. However Microsoft has been adding a number lesser known mitigations ranging from blocking Win32k system calls to reducing a sandbox's attack surface which already assume RCE has been achieved. This presentation will describe the implementation of these less well known mitigations, some silly bypasses and bugs in their implementations as well as how you can use them in real world code to improve the security of your own applications.
James is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he has numerous disclosures in a wide range of products from web browsers to virtual machine breakouts as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate.