View Full Version : eEye - Generic Anti-Exploitation Technology for Windows


Kayaker
December 15th, 2005, 01:33
Another interesting paper on this subject from eEye.

eEye Digital Security
Technical White Paper
Generic Anti-Exploitation Technology for Windows

http://www.eeye.com/html/research/whitepapers/index.html

Code:

Table of Contents
Abstract
Scope
Definitions and Terminology
Cause and Effect
Program Control Flow
History of Anti-Exploitation
Compiled-In
Compiled-In Solutions – Summary
Linked / Injected
Kernel
Other Projects
Windows Anti-Exploitation Technologies
Protecting the Stack
Protecting the Heap
SEH Security
PEB Randomization
Pointer Security
NX Memory and Hardware Enforced DEP
Summary
3rd Party Anti-Exploitation Technology for Windows
Userland API Hooking
Return address checks
Forward Emulation
Windows PAGEEXEC
Windows ASLR
Kernel API hooking
Mitigation of malicious activity
Self Defense
Future Approaches
Conclusions
Most Anti-exploitation technology provides less security than claimed
3rd party solutions will remain attractive mid-term
Future solutions will unify anti-exploitation and mitigation approaches
Anti-exploitation is imperfect and should be a last resort
Bibliography

dELTA
December 17th, 2005, 04:45
Nice, they are cool guys indeed.

blackjake
December 28th, 2005, 10:39
Good thing! Thanks for sharing!