BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: The COW (Container On Windows) Who Escaped the Silo\
 n   When: Saturday\, Aug 13\, 14:00 - 14:45 PDT\n   Where: Caesars Forum -
  Academy 401-410\, 421 (Track 3) - [1]Map\n\n   SpeakerBio:Eran Segal \, S
 ecurity research team leader at SafeBreach\n   Eran Segal is a research te
 am leader\, with more than 7 years\n   experience in cyber security resear
 ch. Over the last three years\, he\n   has been researching security proje
 cts in SafeBreach Labs\, after\n   serving in various security positions i
 n the IDF. He specializes in\n   research on Windows and embedded devices.
 \n\n   Description:\n   Virtualization and containers are the foundations 
 of cloud services.\n   Containers should be isolated from the real host’
 s settings to\n   ensure the security of the host.\n\n   In this talk we’
 ll answer these questions: “Are Windows\n   process-isolated containers
  really isolated?” and “What can an\n   attacker achieve by breaking t
 he isolation?”\n\n   Before we jump into the vulnerabilities\, we’ll e
 xplain how Windows\n   isolates the container’s processes\, filesystem a
 nd how the host\n   prevents the container from executing syscalls which c
 an impact the\n   host. Specifically\, we’ll focus on the isolation impl
 ementation of\n   Ntoskrnl using server silos and job objects.\n\n   We’
 ll compare Windows containers to Linux containers and describe\n   the dif
 ferences between their security architectural designs. We’ll\n   follow 
 the scenario of an attacker-crafted container running with low\n   privile
 ges. We'll show in multiple ways how to gain privilege\n   escalation insi
 de the container to NT/System. After gaining NT/System\n   permissions\, w
 e'll talk about how we escaped the isolation of the\n   container and easi
 ly achieved a dump of the entire host’s kernel\n   memory from within th
 e container. If the host is configured with a\n   kernel debugger\, we can
  even dump the host’s Admin credentials.\n\n   We’ll finish by demonst
 rating how an attacker-crafted container with\n   low privileges can read 
 UEFI settings and then set them. Using this\n   technique an attacker can 
 communicate between containers and cause a\n   permanent Denial-of-Service
  (DoS) to a host with default settings\,\n   through the UEFI interface.\n
 \n   '\n\n   1. https://defcon.outel.org/consolidated_page.html#CaesarsAca
 demyBR\n\n\n
DTEND:20220813T214500Z
DTSTART:20220813T210000Z
LOCATION:DC - Caesars Forum - Academy 401-410\, 421 (Track 3)
SUMMARY:The COW (Container On Windows) Who Escaped the Silo
END:VEVENT
END:VCALENDAR
