Windows Exploit Mitigation Techniques

Presented at Kiwicon 4: The four e:Sheep-persons of the Cyber Infopocalypse (2010), Nov. 27, 2010, 3:15 p.m. (60 minutes)

There's a war going on and depending on which side of the fence you sit, we are winning. Finding a bug is only the beginning; it requires further specialised knowledge to turn that bug into a reliable working exploit that has a commodity value. Since XPSP2, Microsoft started making advances in OS level mitigation techniques to prevent exploitation. As in any arms race, as one side builds a defence the other side develops a method to circumvent it. This talk will cover methods introduced since XPSP2 and how these methods can be bypassed to successfully execute arbitrary code. It will also discuss recent advances in bypassing DEP and ASLR and how it is possible - in some cases relatively straightforward - to sidestep these defences. One of the few techniques that is lacking in effective public bypass methods is SEHOP, and we will explain how this method, developed by skape, 'may' actually be effective when correctly used. EMET (Enhanced Mitigation Experience Toolkit) is Microsoft's 'strap on' security answer for applications that can't natively secure themselves. Is this the end of the race, or should we expect an Enhanced Exploitation Experience Toolkit to be released in the future? Have I mentioned ROP?


Presenters:

  • Brett Moore
    New Zealand's very own security pinup, Brett "Remote Code Execution" Moore has walked the mean streets of these savage lands for over a decade. Shatter attacks? Brett Moore. Heap freelist technique? Brett Moore. Cradling his head in his hands against the back wall of the Defcon stage so he didn't barf on the lectern during his talk? Brett Moore.