2014/02/21

Our talk at the 17th DCG meeting

    On February 11, 2014 we gave a talk about modern HIPSes and the internals of Windows access control mechanisms at the 17th Defcon Russia Group meeting. While developing ReHIPS we researched many approaches to building sandboxes. This research helped us make ReHIPS secure, fast, safe and ... compatible with Windows :) You can find the slides of our talk below.


2014/02/10

Announcement of upcoming ReHIPS 1.1.0 Beta release

    In this blog post we'll briefly skim over some of the new features of the upcoming ReHIPS 1.1.0 Beta release.
    First, ReHIPS 1.1.0 will be based on the new multithreading engine. This engine is more stable and faster than the previous one.
    Second, ReHIPS 1.1.0 will make your system much safer. In ReHIPS 1.1.0 restricted applications can be started on separate desktops. Switching between them is shown in the screenshot below.


    Separate desktops are necessary to prevent "sandbox escaping" via window hooks. If allowed and restricted applications are started on the same desktop and the DESKTOP_HOOKCONTROL access right is set for the restricted application, the restricted application can set window hooks on the allowed application's windows and possibly execute arbitrary code in the context of the allowed application.


    If the DESKTOP_HOOKCONTROL access right is not set, a restricted application may work incorrectly, because runtime libraries use window hooks quite often. And even without this access right it is still possible to take a screenshot of the current desktop.
    When run on a separate desktop, restricted applications can set any window hooks they want and take screenshots, while other applications stay safe and secure.
    We plan to release ReHIPS 1.1.0 Beta at the end of February. Stay tuned.
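
The separate-desktop approach described above, as an added example in C that is not ReHIPS code: it creates a desktop, starts a program on it and switches to that desktop until the program exits. The names `make_desktop_path`, `run_on_private_desktop`, `SandboxDesk` and the `notepad.exe` command are assumptions made for illustration, and the child runs with the caller's own token and the desktop's default security descriptor.

```c
/* Added example, not ReHIPS code: run a program on its own desktop. */
#include <wchar.h>

/* Build "WinSta0\<name>" for STARTUPINFO.lpDesktop. Desktop names may not
   contain a backslash. Returns 0 on success, -1 on a bad name or small buffer. */
int make_desktop_path(const wchar_t *name, wchar_t *out, size_t cap)
{
    static const wchar_t prefix[] = L"WinSta0\\";
    if (!name || !out || name[0] == L'\0' || wcschr(name, L'\\'))
        return -1;
    if (wcslen(prefix) + wcslen(name) + 1 > cap)
        return -1;
    wcscpy(out, prefix);
    wcscat(out, name);
    return 0;
}

#ifdef _WIN32   /* the launcher itself needs the Win32 API */
#include <windows.h>

/* Global window hooks reach only threads on the caller's desktop, so a
   program started here cannot hook windows on the user's default desktop. */
int run_on_private_desktop(const wchar_t *name, wchar_t *cmdline)
{
    wchar_t path[128];
    STARTUPINFOW si = { sizeof si };
    PROCESS_INFORMATION pi;
    HDESK desk, orig;
    BOOL ok;

    if (make_desktop_path(name, path, 128) != 0) return -1;
    orig = OpenInputDesktop(0, FALSE, DESKTOP_SWITCHDESKTOP);
    if (!orig) return -1;                 /* need a way back before switching */
    desk = CreateDesktopW(name, NULL, NULL, 0, GENERIC_ALL, NULL);
    if (!desk) { CloseDesktop(orig); return -1; }
    si.lpDesktop = path;
    ok = CreateProcessW(NULL, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
    if (ok) {
        SwitchDesktop(desk);              /* show the private desktop */
        WaitForSingleObject(pi.hProcess, INFINITE);
        SwitchDesktop(orig);              /* back to the user's desktop */
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    CloseDesktop(orig);
    CloseDesktop(desk);
    return ok ? 0 : -1;
}
int main(void) { wchar_t cmd[] = L"notepad.exe"; return run_on_private_desktop(L"SandboxDesk", cmd); }
#endif
```

A real sandbox would also start the child under a restricted token and put an explicit DACL on the new desktop; this example shows only the desktop separation.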