Overview
Syllabus
Introduction
Who am I
Amit
Lost the battery
Funny story
Load Library
EMET protections
Antidote
Previous Technique
Evaluation Techniques
Stackable Check
Custom Class Check
College Check
Call Register Return Gadget
Return into Shellcode
Same Exit Flow
Using EMET in MSHTML
Using EMET in Import Address Table
Targeted Evasion
Assumptions
API Address
Relative Jump
The Problem
Main Highlights
New Technique
DllMain Prototype
Data Structures
Loading Library
Setting Context Thread
Exploit Implementation
Exploit Gadgets
How did Microsoft fix it
Importance of custom exploit prevention techniques
Demo
Taught by
Black Hat