
Yunhai Zhang is a security researcher on the NSFOCUS security team. He has worked on computer security for more than a decade and has spoken at BlackHat, BlueHat, CSS TSec, and XCon. He has won the Microsoft Mitigation Bypass Bounty four years in a row since 2014.

[Abstract]
==========

LoadLibrary is an old but powerful technique, and it plays an important role in Windows exploitation. Microsoft has therefore introduced a series of mitigations, such as Image Load Policy, Strict Mode Control Flow Guard, Code Integrity Guard, and Arbitrary Code Guard, to restrict what it can be used for.
This talk will discuss those mitigations and show some tricks to bypass them. With these tricks, all mitigations currently enabled in Windows 10 can be bypassed, and LoadLibrary can be used to achieve arbitrary code execution again.
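For readers who want to see the four mitigation families the abstract names applied to a process, here is an added PowerShell example (not from the talk or its author) that enables them for an executable through Windows 10's built-in `Set-ProcessMitigation` cmdlet and then reads the resulting policy back. The executable name `app.exe` is an assumed placeholder; the cmdlet needs an elevated prompt.

```powershell
# Added example: enable the mitigations the abstract lists for one executable.
# 'app.exe' is a placeholder name; replace it with the binary you are hardening.
$target = 'app.exe'

# Image Load Policy: refuse remote (UNC/WebDAV) and low-integrity images,
# and prefer System32 over the application directory for system DLL names.
# Control Flow Guard in strict mode: only CFG-compiled images may load.
# Code Integrity Guard: only Microsoft-signed images may load.
# Arbitrary Code Guard: no new executable memory, no RWX page changes.
Set-ProcessMitigation -Name $target -Enable `
    BlockRemoteImageLoads, BlockLowLabelImageLoads, PreferSystem32, `
    CFG, StrictCFG, `
    MicrosoftSignedOnly, `
    BlockDynamicCode

# Read the effective policy back so the change can be verified or audited.
$policy = Get-ProcessMitigation -Name $target
$policy.ImageLoad | Format-List
$policy.ControlFlowGuard | Format-List
$policy.CodeIntegrity | Format-List
$policy.DynamicCode | Format-List
```

These settings are stored per executable name (Image File Execution Options), so a process must be restarted for them to take effect; StrictCFG only makes sense together with CFG.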
