BSidesSF 2017 - AtomBombing: Injecting Code Using Windows’ Atoms (Tal Liberman)

AtomBombing: Injecting Code Using Windows’ Atoms In this talk we present a code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). At the time of its release (October 2016), AtomBombing went undetected by common security solutions that focused on preventing infiltration. AtomBombing affects all Windows versions. In particular, we tested it against Windows 10 and Windows 7. Unfortunately, this issue cannot be patched by Microsoft since it doesn’t rely on broken or flawed code – rather on how these operating system mechanisms are designed.