A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Fun with Dr. Brown - Spencer McIntyre Bsides Cleveland 2014 (Hacking Illustrated Series InfoSec Tutorial Videos)

Fun with Dr. Brown
Spencer McIntyre

The technique which we will describe in great technical detail, targets a vulnerability within EMET which allows our exploit to trigger it's protections without being stopped. This technique is unique in that it does not attempt to skip over or avoid EMETs protections, instead it corrupts critical components of EMET at runtime making it unnecessary for the rest of the attack to be aware of it's existence. We'll discuss the internal workings of EMET and what happens under the hood when a protection is triggered. This talk will also discuss the currently known EMET bypasses and which ones are still relevant.

As a member of the Research and Innovation team, Spencer McIntyre works to discover vulnerabilities within organizations systems and understand underlying risks. Mr. McIntyre balances his focus between vulnerability and in-house tool development. During his time with SecureState, Mr. McIntyre has worked with a variety of clients across multiple industries, giving him experience in how each secures their data and the threats that they encounter. Mr. McIntyre uses his background in software development to help him to understand and exploit the underlying logic in the software he encounters. He is active in the open source community, making multiple contributions to a variety of projects such as the Metasploit Framework and Scapy.


Back to Bsides Cleveland 2014 video list

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast