Abstract

This is a sequel to my presentation at Syscan’15 about abusing symbolic links on Windows. Since giving that presentation, the use of symbolic links on Windows has changed. The biggest change is that Microsoft has added mitigations to block or restrict the use of symbolic links when running in a sandboxed context. As a result, many sandbox escapes which were once exploitable are now fully mitigated. In this new presentation I’ll detail some of the changes MS has made to symbolic links, including how they mitigate attacks from sandboxes. It also includes some of the ways I’ve bypassed their protections over the years. Finally, I’ll describe some sandbox escapes that MS won’t fix because symbolic links are mitigated, which could be exploited if only you can find a new way.