Explore advanced techniques for discovering and exploiting Internet Explorer 11 sandbox escapes in this 40-minute Black Hat conference talk. Delve into the methodology used to uncover four sandbox vulnerabilities during Microsoft's bug bounty program for IE11 on Windows 8.1. Learn how to investigate the IE11 sandbox, execute custom code, and analyze potential attack surfaces. Gain insights into the Enhanced Protected Mode (EPM) sandbox and its implementation of Windows 8's App Container mechanism. Examine security flaws present since Vista and IE7, and receive sample source code to test these issues firsthand. Understand the intricacies of elevation policies, COM interfaces, NET Deployment Services, and various broker mechanisms within the IE11 ecosystem. Discover techniques for bypassing prompts, executing arbitrary code, and exploiting out-of-process storage vulnerabilities. Requires Windows 8.1 RTM, Visual Studio 2013, and IDA Pro for hands-on participation.