List of mitigation techniques?

Discussion in 'other security issues & news' started by Hungry Man, Apr 29, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Looking for any you've heard of. Windows exclusively unless it's technology that can make the jump to Windows / is cross-platform.

    Ones I can think of:

    ASLR
    DEP
    Bottom Up Randomization
    Gadgetless Binaries
    Stack Cookies
    Safe SEH
    SEHOP
    EAF
     
  2. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Are you just looking for mitigation techniques in regards to code exploitation or is this an open-ended question for the entire prism in all areas? In that case please grab a warm cup of coffee at this time as there are a lot of them. ;)
     
  3. Hungry Man

    In particular to code exploitation.
     
  4. BrandiCandi

    BrandiCandi Guest

    So are you looking for mitigations for individual code exploitations? Or are you looking to confine whole groups of exploits?

    Have you ever messed with Metasploit? Seems like learning the exploits would lead you to good ways to prevent them.
     
  5. Hungry Man

    Mitigations for whole groups of code exploitation.
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Basically MS uses the same technologies Linux/BSD uses. ASLR/NX/PIE/Stack protection. However, I think the *nix's are ahead as they have been at it longer and seem to have more mature (and stronger) implementations (especially with things like PaX).

    BTW, Hungry, I see you on the Ubuntu forums a lot. :cool:
     
  7. Hungry Man

    I've tried to post a bit there when people have questions.

    Yeah, they share many techniques. PaX definitely makes some areas much stronger. It depends a lot on the distro and ASLR on nix is lacking.

    But there are a lot of features that are compile-time or Windows only.

    One I forgot to mention in the first post was in-place code randomization.
     
  8. chronomatic

    Well, it depends. The ASLR in the default kernel is not as strong as what PaX offers, and PaX also offers a robust RBAC which can't be found anywhere else. I would say a kernel compiled with PaX is stronger than what Windows offers. Linux also offers a lot of MAC implementations that are built into the kernel via LSM (SELinux, AppArmor, SMACK, etc.). The closest thing Windows offers to a MAC is what they call MIC (Mandatory Integrity Controls). However, it has critics like Tavis Ormandy.
     
    Last edited: May 2, 2012
  9. Hungry Man

    Yep, I agree with everything you've said. Though, to be clear, I think that even without PaX a distro like Ubuntu is easily configurable to be more secure than Windows and a distro like Fedora is already more secure without configuration.

    PaX does a lot of things, but one is clear - it increases the ASLR entropy and applies it to more areas.
     
  10. chronomatic

    Yeah, it definitely increases the difficulty of brute-forcing it.
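
Added example, not part of the original thread or any poster's code: on Windows, ASLR and DEP from the list in the first post are per-binary opt-ins recorded in the PE header's DllCharacteristics field, so a defender can audit which executables actually enable them. The function names and the sample header are constructed for this illustration; SafeSEH and stack cookies are recorded elsewhere in the image and are not covered here.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits in the PE optional header (values from winnt.h)
FLAGS = {
    "ASLR (DYNAMIC_BASE)": 0x0040,
    "High-entropy ASLR (HIGH_ENTROPY_VA)": 0x0020,
    "DEP (NX_COMPAT)": 0x0100,
}

def pe_mitigations(data: bytes) -> dict:
    """Map each opt-in mitigation to True/False for one PE image header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24  # 4-byte "PE\0\0" signature + 20-byte COFF header
    if opt + 72 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    (magic,) = struct.unpack_from("<H", data, opt)
    if opt_size < 72 or magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+
    (chars,) = struct.unpack_from("<H", data, opt + 70)
    return {name: bool(chars & bit) for name, bit in FLAGS.items()}

def sample_pe(chars: int) -> bytes:
    """Constructed header-only PE32+ stub for the demo (not a loadable image)."""
    buf = bytearray(0x40 + 24 + 72)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)         # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 20, 72)      # SizeOfOptionalHeader
    struct.pack_into("<H", buf, 0x40 + 24, 0x20B)   # PE32+ magic
    struct.pack_into("<H", buf, 0x40 + 24 + 70, chars)
    return bytes(buf)

if __name__ == "__main__":
    if sys.argv[1:]:
        # Audit real files passed on the command line (headers fit in 4 KiB)
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print(path, pe_mitigations(f.read(4096)))
    else:
        print(pe_mitigations(sample_pe(0x0140)))  # constructed: ASLR + DEP set
```

A binary reported with ASLR or DEP as False has not opted in through its header and is a candidate for a system-wide or per-process override.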
     