Windows Exploit Mitigation Techniques

Presented at Kiwicon 4: The four e:Sheep-persons of the Cyber Infopocalypse (2010), Nov. 27, 2010, 3:15 p.m. (60 minutes).

There's a war going on and depending on which side of the fence you sit, we are winning. Finding a bug is only the beginning; it requires further specialised knowledge to turn that bug into a reliable working exploit that has a commodity value. Since XPSP2, Microsoft started making advances in OS level mitigation techniques to prevent exploitation. As in any arms race, as one side builds a defence the other side develops a method to circumvent it. This talk will cover methods introduced since XPSP2 and how these methods can by bypassed to successfully execute arbitrary code. It will also discuss recent advances in bypassing DEP and ASLR and how it is possible - in some cases relatively straightforward - to side step these defences. One of the few techniques that is lacking in effective public bypass methods is SEHOP, and we will explain how this method developed by skape, 'may' actually be effective when correctly used. EMET (Enhanced Mitigation Experience Toolkit) is Microsoft's 'strap on' security answer for applications that can't natively secure themselves. Is this the end of the race, or should we expect an Enhanced Exploitation Experience Toolkit to be released in the future? Have I mentioned ROP?


Presenters:

  • Brett Moore
    New Zealand's very own security pinup, Brett "Remote Code Execution" Moore has walked the mean streets of these savage lands for over a decade. Shatter attacks? Brett Moore. Heap freelist technique? Brett Moore. Cradling his head in his hands against the back wall of the Defcon stage so he didn't barf on the lectern during his talk? Brett Moore.

Links:

Similar Presentations: