Shatter Reloaded: Reviving shatter attacks to escape sandboxes and evade endpoint security products

Thu, 02 Jul 2020 @ 14:30:00

Shatter attacks were all the rage in 2003 but were quickly neutralized by DEP, UIPI and Session 0 isolation. 15 years later, confronted with a commercial sandbox and with state-of-the-art endpoint security products – we brought Shatter attacks back to life, extending and weaponizing them to be useful once more. In this talk, we’ll present a novel code injection technique that uses an enhanced shatter attack to stealthily inject code into window explorer on Win7 & Win10.