List of mitigation techniques?

Discussion in 'other security issues & news' started by Hungry Man, Apr 29, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man
    Hungry Man Registered Member

    Looking for any you've heard of. Windows exclusively unless it's technology that can make the jump to Windows / is cross-platform.

    Ones I can think of:

    ASLR
    DEP
    Bottom Up Randomization
    Gadgetless Binaries
    Stack Cookies
    Safe SEH
    SEHOP
    EAF
  2. EncryptedBytes
    EncryptedBytes Registered Member

    Are you just looking for mitigation techniques in regards to code exploitation or is this an open ended question for the entire prism in all areas? In that case please grab a warm cup of coffee at this time as there are a lot of them. ;)
  3. Hungry Man
    Hungry Man Registered Member

    In particular to code exploitation.
  4. BrandiCandi
    BrandiCandi Guest

    So are you looking for mitigations for individual code exploitations? Or are you looking to confine whole groups of exploits?

    Have you ever messed with Metasploit? Seems like learning the exploits would lead you to good ways to prevent them.
  5. Hungry Man
    Hungry Man Registered Member

    Mitigations for whole groups of code exploitation.
  6. chronomatic
    chronomatic Registered Member

    Basically MS uses the same technologies Linux/BSD uses. ASLR/NX/PIE/Stack protection. However, I think the *nix's are ahead as they have been at it longer and seem to have more mature (and stronger) implementations (especially with things like PaX).

    BTW, Hungry, I see you on the Ubuntu forums a lot. :cool:
  7. Hungry Man
    Hungry Man Registered Member

    I've tried to post a bit there when people have questions.

    Yeah, they share many techniques. PaX definitely makes some areas much stronger. It depends a lot on the distro and ASLR on nix is lacking.

    But there are a lot of features that are compile-time or Windows only.

    One I forgot to mention in the first post was in-place code randomization.
  8. chronomatic
    chronomatic Registered Member

    Well, it depends. The ASLR in the default kernel is not as strong as what PaX offers, and PaX also offers a robust RBAC which can't be found anywhere else. I would say a kernel compiled with PaX is stronger than what Windows offers. Linux also offers a lot of MAC implementations that are built into the kernel via LSM (SELinux, AppArmor, SMACK, etc.). The closest thing Windows offers to a MAC is what they call MIC (Mandatory Integrity Controls). However, it has critics like Tavis Ormandy.
    Last edited: May 2, 2012
  9. Hungry Man
    Hungry Man Registered Member

    Yep, I agree with everything you've said. Though, to be clear, I think that even without PaX a distro like Ubuntu is easily configurable to be more secure than Windows and a distro like Fedora is already more secure without configuration.

    PaX does a lot of things, but one is clear - it increases the ASLR entropy and applies it to more areas.
  10. chronomatic
    chronomatic Registered Member

    Yeah, it definitely increases the difficulty of brute-forcing it.