Hopefully, attackers will take note of the following to fully "cover their tracks" when employing the bypasses :
lol sure they will take note... if you knew all the Windows' bypasses i read about lately...even an researcher showing that ASLR was better implemented on Win7 than the one in Win10's Exploit Guard...
Nothing really new in that regard. Exploit Guard is just a "re-bagged" version of EMET built into WIN CEF. EMET has been bypassed multiple times in the past.
the researcher mentioned by @WildByDesign is the one i saw: https://www.wilderssecurity.com/thr...lr-failure-to-properly-randomize-win8.398024/
As noted there: It is disabled by default in Win 10 CFE. Then there is the question of if it is really needed. Viewing my active processes in Process Explorer, ASLR is enabled for almost all processes except an old third party USB 3.0 driver and likewise Realtek audio manager process. Also almost if not all drivers in Win 10 are kernel mode drivers. As such they are protected by Patchguard.
Appears the .reg key patch needs to be applied after all. Although system-wide Mandatory ASLR is disabled by default in main WD Security Center GUI, it is enabled in a number of individual Windows apps such as IE11 and I assume Edge to name a few.
