Problem

More documents

Recommendations

Info

“Assume Breach” PWN2OWN & Data Influenced Mitigations CFG: suppress sensitive APIs Flash: Eliminate RWX ATL thunks Junctions: Prevent sandbox processes from creating NTFS junctions – TH1 Fonts: Move font parsing to user mode sandbox Edge: Prevent content processes from creating child processes Edge: Enable win32k system call restrictions How do we design effective mitigations pro-actively?
REDTEAM: Model real-world attacks • Model attacks based on ecosystem analysis and threat intelligence Identify security gaps • Measure Time-to- Compromise (MTTC) / Pwnage (MTTP) Demonstrate impact • Break-it-you-bought-it work with teams to address issues • Evaluate the customerpromises from an attack perspective • Provide data sets of detection-and-response • Attack the full stack in production configuration (software, configuration, hardware, OEMs) • Identify invariant techniques for mitigation • Simulate a real-world incident response before it occurs (process, owners, messaging) • Provide detection guidance for Defenders Assume Breach: An Inside Look at Cloud Service Provider Security - Russinovich • Design mitigations to drive up MTTC/MTTP metrics • Enumerate business and legal risk • Show business value, priorities, and investments needs with demonstrable attacks
Page 3 and 4: • S Problem: Preventative Securit
Page 5 and 6: Internal Data Sources External Data
Page 7 and 8: Percentage of Use Analysis: 90 80 7
Page 9: Assume Breach Prevent Breach Threat
Page 15: Internet Explorer, Edge, & Chakra S
Page 18 and 19: 1. Allocate object p = new COptionE
Page 20: No legacy document modes No legacy
Page 24 and 25: Place array length at a predictable
Page 26 and 27: Return addresses are not protected
Page 28: Execute arbitrary native code Code
Page 31 and 32: Non-paged pool System Page tables c
Page 34: Win32 Process Store App AppContaine
Page 38 and 39: Legend 2/4/2014 CVE-2014-0497 Explo

Problem

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?