Congratulations to Context’s James Forshaw for coming up with a new exploitation technique to win Microsoft’s first ever $100,000 bounty! James already has had success with design level bugs he found during the IE11 Preview Bug Bounty, and Microsoft are thrilled to announce that he continues to improve their platform-wide security by leaps and bounds.
Whilst Microsoft can’t go into the details of this new mitigation bypass technique until they address it, they are excited that they will be able to use these insights to better protect customers by proactively including defenses against these advanced techniques within future releases of their products. This knowledge helps Microsoft to make individual vulnerabilities less useful when attackers try to use them against customers.
Context invests heavily in cutting-edge research within the technical security arena and we are delighted that our team continues to lead the way in terms of developing new and innovative attacks and assessment techniques, thus helping our clients and vendors fix issues before they can be abused by attackers.
James will also be speaking at the HITB Security Conference in Malaysia on 17th October and at Breakpoint 2013 in Australia on the 25th October. Both presentations will discuss in detail “The Forger's Art: Exploiting XML Digital Signature Implementations”.