Questions tagged [anti-exploitation]

23 questions
82 votes, 7 answers

Company claims hardwire connections are a security issue

Someone to whom I am related is at a study camp for their desired profession. This person, let's call her Jane, is supposed to be studying rigorously for two months. The housing provided offers wireless internet connections, which are spotty and…

Asked by Erin B (802 rep)
9 votes, 2 answers

How effective is Windows KDP for exploit mitigation in practice?

Windows Kernel Data Protection is a kernel security feature which appears to use Extended Page Tables (EPT, a hardware virtualization feature) to enforce read-only pages. How effective is this at protecting from kernel exploits in the real world? Is…

Asked by forest (64,616 rep)
8 votes, 3 answers

Did XSS reach its end-of-life with the introduction of the HTTP X-XSS-Protection header?

With the introduction of the HTTP X-XSS-Protection header it seems to me that the vulnerability impact (read: amount of possibly affected users with modern browsers) is drastically reduced. Firstly, does this mean that when the X-XSS-Protection…

Asked by Bob Ortiz (6,234 rep)
7 votes, 4 answers

Stop Rubber Ducky HID attack

I have managed to stop most of the attack vectors using a variety of different group policies. The only one that I'm having issues with is when it uses the HID attack method. Has anybody come up with a solution for how to stop it imitating a keyboard…

Asked by ben950 (179 rep)
7 votes, 1 answer

Using instruction set architecture (ISA) to stop stack overflows

I have been learning about using stack overflows to get arbitrary code execution. One of the tricks used is overwriting the return address to make control flow go the way you want it. Assuming our system has an NX bit, what if we made the CPU…

Asked by river (183 rep)
5 votes, 1 answer

How can wrong time synchronization be exploited?

It happened to me a few times that I installed a Windows PC after the CMOS battery had been replaced and all sorts of things stopped working or threw security warnings, only to realize that I just needed to set the clock, or click on the sync…
5 votes, 1 answer

Is there a need to scan images with real-time scanners anymore?

Historically, there were some exploits for certain types of image files, notably JPEG images. Consequently, many real-time malware scanners (antivirus included) started scanning every JPEG image (as well as some other types of image files) every…
5 votes, 1 answer

How does reuse attack protection (RAP) work?

The grsecurity folks just released a test patch for the 4.5 Linux kernel which includes Return Address Reuse Attack Protection or RAP, a protection technique against return-oriented programming (ROP). Their slides are beyond comprehension for me at…

Asked by jotik (221 rep)
3 votes, 1 answer

How to protect open ports for Services/Programs needed for network connectivity?

I've noticed a number of Windows services required for network connectivity maintain open ports. What can be done to ensure Service functionality without allowing the always-open ports to act as a network liability (i.e. hacking vulnerability)? As…

Asked by Thelps (31 rep)
3 votes, 2 answers

Is the shadow stack used for anti-buffer-overflow only?

I have some questions about the shadow stack concept: Is the shadow-stack concept used for buffer-overflow prevention only? Is the stack canary adjacent to the shadow stack? What will happen if the return addresses of the stack and shadow stack do not…

Asked by AseN (155 rep)
3 votes, 2 answers

Proof of concepts for published exploits

Do industry pros have VMs or various workstations set up to go through known exploits after they've been patched, or is that less beneficial for learning than I'm imagining? I'm thinking, how can you understand the buffer overflow attack, or another…
3 votes, 3 answers

Preventing buffer overruns when performance is no concern

Anti-exploitation technologies (DEP, ASLR, stack protector, etc.) do not provide complete protection. One reason for this is performance; these technologies are designed to work with a low performance overhead. For a system that has high security…

Asked by paj28 (32,736 rep)
2 votes, 0 answers

EMET is deprecated, which DLL implements the ring3 mitigation?

I'm reading this document: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exploit-protection-reference?view=o365-worldwide On older OSes, EMET injects a DLL into the process. On the latest Windows, EMET is implemented by windows…

Asked by daisy (1,735 rep)
2 votes, 0 answers

Methods of exploiting a Windows executable protected by "Control Flow Guard" and "Return Flow Guard"?

I understand that obtaining code execution by stack buffer overflows was mitigated by DEP, which in turn led to SEH and ROP exploit techniques etc. However, I don't see how to exploit an executable simultaneously protected by "Control Flow Guard"…

Asked by Shuzheng (1,097 rep)
1 vote, 1 answer

Are there any existing JTAG (hardware debugging) based malware detection systems, and if not, why?

JTAG System software debug support is for many software developers the main reason to be interested in JTAG. Many silicon architectures such as PowerPC, MIPS, ARM, x86 built an entire software debug, instruction tracing, and data tracing…

Asked by J.Todd (1,300 rep)