Matthias contributed a Control Flow Guard check to the ROP gadget finder Ropper. It can be used to filter out gadgets that are not valid CFG targets. You can find the code in the official master branch of the Ropper GitHub repository.
Matthias describes the latest versions of ROP mitigations that come with EMET 5.5 and Visual Studio 2015’s Control-Flow Guard. He presents the implementation and discusses the implications for an attacker trying to exploit a hardened application.
Antonio describes Cross-VM Address Space Layout Introspection (CAIN), an attack vector against page-based, same-content memory deduplication in Virtual Machine Monitors (VMMs).
We noticed two weaknesses in the implementation of the EMET 5.5 ROP mitigations. These issues might be known limitations, but as we did not find any public discussion of them, we decided to issue a security note.
We discovered a new attack vector against memory deduplication in Virtual Machine Monitors (VMMs) that lets an attacker effectively leak the randomized base addresses of libraries and executables in processes of neighboring Virtual Machines (VMs).