
Using EMET to Disable EMET

Black Hat via YouTube

Overview

Explore techniques for bypassing Microsoft's Enhanced Mitigation Experience Toolkit (EMET) in this 52-minute Black Hat conference talk. Delve into EMET's security mitigations for user mode programs and learn how attackers can potentially evade these protections. Examine methods for disabling EMET and similar endpoint security products that rely on DLL injection. Discover targeted EMET evasion strategies and their applicability to other enterprise security solutions. Gain insights into the limitations of address space-based exploit prevention techniques and the importance of custom exploit prevention methods. Includes a demonstration of exploit implementation and discusses Microsoft's patch addressing these vulnerabilities in EMET 5.5.

Syllabus

Introduction
Who am I
Amit
Lost the battery
Funny story
Load Library
EMET protections
Antidote
Previous Technique
Evaluation Techniques
Stackable Check
Custom Class Check
College Check
Call Register Return Gadget
Return into Shell Code
Same Exit Flow
Using EMET in MS HTML
Using EMET in Import Address Table
Targeted Evasion
Assumptions
API Address
Relative Jump
The Problem
Main Highlights
New Technique
DLL Main Prototype
Data Structures
Loading Library
Setting Context Thread
Exploit Implementation
Exploit Gadgets
How did Microsoft fix it
Importance of custom exploit prevention techniques
Demo

Taught by

Black Hat
