ROP Mitigations Bypassed
Written by Andrew Johnson   
Monday, 13 August 2012

Whenever you improve your security fence, the dedicated intruder will find another way in. This has already happened to the latest release of Microsoft's anti-hacking toolkit, where a bypass has defeated the ROPGuard protection that won a $50,000 prize.

Microsoft's BlueHat Prize for defenses against attacks on memory vulnerabilities was organized in conjunction with the annual BlackHat conference. The three prize winners all suggested solutions to counter return-oriented programming (ROP) attacks, and even before the prizes had been presented, one of these had been put to work in a free tool that Microsoft makes available to sysadmins.

Microsoft's General Manager for Trustworthy Computing Security, Matt Thomlinson, announced the latest version of its Enhanced Mitigation Experience Toolkit (EMET 3.5) on July 25, stating:

I’m excited to announce that we’ve already been able to incorporate one of these winning technologies into our free Enhanced Mitigation Experience Toolkit (EMET) 3.5 technology preview. The new Tech Preview of EMET offers four new checks based on Ivan Fratric’s ROP exploit mitigation to help prevent attacks utilizing ROP techniques.

It took barely two weeks before a security researcher announced on his new REP RET blog that he had bypassed these new ROP mitigations. Here is the YouTube video that demonstrates the exploit:

 

More details, including the asm code and the Kernelbase method used for a second exploit, can be found via the blog post.

More Information

Bypassing EMET 3.5's ROP Mitigation

Related Articles

BlueHat Prizes Awarded

Last Updated ( Monday, 13 August 2012 )
Copyright © 2018 i-programmer.info. All Rights Reserved.