xorlab

Security Blog

Bypassing EMET 5.5 MemProt using VirtualAlloc

by Matthias Ganz

Introduction

EMET is a free Microsoft tool for mitigating software exploits on Windows systems. Typically, EMET protects exposed processes such as your web browser, including its plugins (e.g. Flash Player). EMET deploys various countermeasures to make exploitation more difficult for an attacker. In the past, work has been published on how to bypass or even disable EMET. This post presents another fairly simple way to bypass the EMET 5.5 Memory Protection (MemProt) checks using the VirtualAlloc function.

Cross-VM Address-Space Layout INtrospection (CAIN)

by Antonio Barresi

We found an attack vector against memory deduplication in Virtual Machine Monitors (VMMs) that lets an attacker leak the randomized base addresses of libraries and executables in processes of neighboring Virtual Machines (VMs). The attack takes advantage of the well-known memory deduplication side channel.

Bypassing non-executable memory, ASLR and stack canaries on x86-64 Linux

by Antonio Barresi

This post walks you through the exploitation of a vulnerable program on a modern x86-64 Linux system. The program was deliberately written to be vulnerable, and we bypass modern exploit mitigation techniques such as non-executable memory, ASLR and stack canaries. The motivation is to gain a basic understanding of how memory corruption vulnerabilities can be exploited on x86-64 Linux systems given a memory leak and a stack-based buffer overflow.
