Friday December 25th

Friday December 18th

Thursday December 3rd

Tuesday December 1st

Monday November 16th

Sunday November 15th

Friday November 6th

Tuesday November 3rd

Wednesday October 14th

2 Kicks

Bypassing EMET with a Single Instruction

• While much of public vulnerability research focuses on pure 32-bit app exploitation, the fact is, a significant portion of 32-bit software is now running on 64-bit operating systems. • In this report, we’ll demonstrate a technique to bypass all payload/shellcode execution and ROP-related mitigations provided by EMET using the WoW64 compatibility layer provided in 64-bit Windows editions. • To demonstrate how we can bypass EMET by abusing WoW64, we’ll modify an existing use-after-free Adobe Flash exploit. • We’ll also discuss limitations and avenues of exploitation, obfuscation, and antiemulation imposed by WoW64 on 32-bit applications.

0 comments

Commenting on Stories is limited for now and will open up to those recommended by the community. Learn how
Loading InfoSecKicks...
brought to you by the Kicks Network