A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Bypassing EMET 4.1 - Jared DeMott - @jareddemott (BSides Chicago 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)

Bypassing EMET 4.1
Jared DeMott

BSides Chicago 2014

The goal of this study is to gauge how difficult it is to bypass the protections offered by EMET, a popular Microsoft zero-day prevention capability. We initially focused on just the ROP protections, but later expanded the study to include a real world example. We were able to bypass EMET’s protections in example code and with a real world browser exploit. The primary novel elements in our research are:

Deep study regarding the ROP protections, using example applications to show how to bypass each of the five ROP checks in a generic manner. Detailed real world example showing how to defeat all relevant protections. Look for a new technique to bypass the stack pivot protection, shellcode complete with an EAF bypass, and more. These bypasses leverage generic limitations, and not easily repaired.

The impact of this study shows that technologies that operate on the same plane of execution as potentially malicious code, offer little lasting protection. This is true of EMET and other similar userland protections.

Back to BSides Chicago 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast