Defeating Windows 8 ROP Mitigation

Discussion in 'other security issues & news' started by Hungry Man, Sep 22, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Last edited: Sep 22, 2011
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Lol, that didn't take long, though of course it's expected.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    No, as with anything it's easy to see a way around it. That's why there are all of those articles on the mitigations included in EMET.

    I know one of the mitigations in EMET addresses ROP gadgets probably in a similar way, so they had that to work with long before Win8 was out.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Isn't it true that almost all mitigations can be bypassed on their own? The sauce is in combining them all together. ASLR, DEP, SEHOP, BottomUpRand, ROP, etc.

    Or did I miss the part in the article where he was testing ROP with all these active?
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm wondering that myself. ROP necessitates that you know where certain things are in memory. You would (possibly) have to bypass ASLR and BUR.

    EDIT: And maybe EAF.
     