Tencent ZhanluLab started to look into the Windows graphics subsystem for sandbox escapes a year and a half ago. To date we have discovered 15+ kernel vulnerabilities and successfully exploited Windows 10 from the Edge sandbox several times. This talk will be divided into two parts. In the first part, we will explain in detail how we analyze the graphics subsystem in depth and discuss several special attack vectors we have found. The second part, will discuss the syscall filter mechanism of the. Edge sandbox and introduce three methods to escape from the sandbox. These include: Analyzing object actions from the unfiltered.”]
Source: https://conference.hitb.org/hitbsecconf2018ams/sessions/over-the-edge-pwning-the-windows-kernel/