Saturday, 27 December 2014

Bypassing Microsoft EMET

I wrote my bachelor thesis on bypassing Microsoft EMET (Enhanced Mitigation Experience Toolkit). EMET is a tool which can be used to further harden the operating system and applications against memory corruption attacks. Microsoft used it to test new protections. Later these techniques were directly integrated into Windows 10 (Exploit Guard).

At the beginning I had a very broad topic for my bachelor thesis, which basically was to develop exploits for different operating systems to understand how memory corruption protections can be bypassed. I roughly implemented 200 exploits for already known vulnerabilities (e.g. Adobe Reader, Foxit Reader, different browsers, VLC, Java and a lot of poor software) for all major operating systems available at that time (from XP SP0 up to Windows 8.1; Red Hat, Debian, ...).

Since the topic started to get too big, my supervisor asked me to focus on a more specific topic, and since I had found a nice EMET bypass at that time, I wrote about it. I later presented the technique at 31C3; however, the guys at Offensive Security also found the same bypass and published their results some weeks before I gave the talk.

Here you can find the recording of the talk (it includes references to all blog posts from other researchers): Talk