The Enhanced Mitigation Experience Toolkit (EMET) is a utility designed to help IT Professionals and users block hackers from gaining access to their systems through common attacks. EMET enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit vulnerabilities in a given piece of software. EMET is a free utility that helps prevent memory corruption vulnerabilities in software from being successfully exploited for code execution.
EMET has the following protection mechanisms built into it:
- Data Execution Prevention (DEP)
- Structured Exception Handler Overwrite Protection (SEHOP)
- Address Space Layout Randomization (ASLR)
- Certificate Trust (Pinning)
For ROP mitigations, EMET provides the following protections:
- Load library checks: monitors LoadLibrary calls and prevents loading libraries from UNC paths.
- Memory protection checks: disallows making the stack area executable.
- Caller checks: when a critical function is reached, checks whether it was reached through a CALL instruction rather than a RET. In return-oriented programming, ROP gadgets are chained together through returns until there is eventually a way to circumvent Data Execution Prevention.
- Simulate execution flow: tries to detect ROP gadgets following a call to a critical function.
- Stack pivot: checks whether the stack has been pivoted.
- Deep hooks: protects critical APIs and the lower-level APIs used by top-level critical APIs.
- Anti detours: common shellcode techniques that evade hooks by executing a copy of the hooked function's prologue and then jumping to the function past the prologue will not work properly.
- Banned functions: additional APIs will be detected and blocked.
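
The caller check described above, as an added sketch in C (not EMET's code and not from the original post): it tests whether the bytes immediately before a return address decode as a 32-bit x86 near CALL. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Length of a 32-bit "call r/m32" (opcode FF /2) starting at p, or 0 if the
 * bytes are not that instruction. avail = number of bytes readable at p. */
static size_t indirect_call_len(const uint8_t *p, size_t avail)
{
    if (avail < 2 || p[0] != 0xFF) return 0;
    uint8_t mod = p[1] >> 6, reg = (p[1] >> 3) & 7, rm = p[1] & 7;
    if (reg != 2) return 0;              /* /2 selects near indirect call */
    if (mod == 3) return 2;              /* call eax, call ebx, ... */
    size_t len = 2;
    if (rm == 4) {                       /* SIB byte follows ModRM */
        if (avail < 3) return 0;
        len++;
        if (mod == 0 && (p[2] & 7) == 5) len += 4;   /* disp32, no base */
    }
    if (mod == 0 && rm == 5) len += 4;   /* call [disp32] */
    if (mod == 1) len += 1;              /* disp8 */
    if (mod == 2) len += 4;              /* disp32 */
    return len;
}

/* 1 if the instruction ending exactly at ret_off is a near call, i.e. the
 * return address could have been pushed by a real CALL; 0 otherwise. */
int preceded_by_call(const uint8_t *code, size_t len, size_t ret_off)
{
    static const size_t sizes[] = { 2, 3, 4, 6, 7 };  /* FF /2 lengths */
    if (ret_off > len) return 0;
    if (ret_off >= 5 && code[ret_off - 5] == 0xE8) return 1;  /* call rel32 */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        size_t n = sizes[i];
        if (ret_off >= n && indirect_call_len(code + ret_off - n, n) == n)
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: push eax; call rel32; ret; pop ecx; ret */
    const uint8_t code[] = { 0x50, 0xE8, 0x10, 0x00, 0x00, 0x00, 0xC3, 0x59, 0xC3 };
    printf("offset 6: %d\n", preceded_by_call(code, sizeof code, 6));
    printf("offset 7: %d\n", preceded_by_call(code, sizeof code, 7));
    return 0;
}
```
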
Download The Enhanced Mitigation Experience Toolkit EMET 4.0