  1. Okay, I can understand that. Although I have yet to see them function in practice. For example: Spraying 300MB of Vector.<uint> objects followed by calling WinExec from the stack using $known_caller_mitigation_limitation will still result in the execution of a calculator. Mentioning the fact that MBAE contains mitigations X, Y and Z and a competitor does not is also a bit dubious as one cannot verify such claims; other vendors have been more open in mentioning what individual mitigations they provide.
  2. Could you mention a few exploitation techniques that should now be covered by the new Dynamic Anti-HeapSpraying and Anti-ROP mitigations? e.g. Spraying 300MB of Vector.<uint> objects does not trigger the Dynamic Anti-HeapSpraying mitigation.
  3. I would say, perform a test on Windows 8.1 and inject the tests into IE11 and you'll see different results.
  4. Hi Pedro, could you describe the changes that certain new anti-ROP mitigations have brought? I am especially interested in seeing what type of attacks should be covered by the new: "Layer0 Dynamic Anti-HeapSpraying" and "Layer1 ROP-RET gadget detection" mitigations. Cheers, regenpijp
  5. No details or PoC code about this former zero-day. But if known exploitation techniques are being used, then most mitigation software available on the market will offer protection. Although in general it is still advised to migrate from Windows XP to a later operating system.
  6. Article describing why Edge is safer than IE: https://translate.google.com/translate?sl=nl&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fcomputerworld.nl%2Fbeveiliging%2F87389-8-manieren-waarop-edge-veiliger-is-dan-internet-explorer&edit-text=
  7. Exploiting 64-bit Edge is already exceptionally difficult. If an attacker is able to exploit a 64-bit browser with a sandbox and additional 'heap hardening' (to keep things easy) then an attacker would probably also have the skill to bypass MB Anti-Exploit, EMET 5.2 or any other exploit mitigation tool.
  8. Blocking exploits is not about blocking the vulnerability itself (that is impossible without a patch); it's about blocking the generic exploitation techniques involved. If generic exploitation techniques are used in combination with the HackingTeam vulnerabilities then MBAE will be able to block them, otherwise nope.
  9. Of course EMET is still useful when dealing with applications that are not protected by MBAE Free.
  10. Just for the record, it is useless to run EMET 4.1 and MBAE at the same time. MBAE contains all the functionality present in EMET 4.1 (except for EAF) plus a number of additional protections. Regarding EAF: Quite a number of EAF bypasses have already been published and EAF bypasses have already been used in the wild quite a lot. The only mitigation present in EMET 5.x that has not yet been publicly bypassed is EAF+. imo EAF+ is the only advantage of EMET 5.x over other mitigation tools.
  11. 1. You can also encounter exploits on legitimate websites through advertisements. 2. If your software is up-to-date then in general you're safe.
  12. Your post is not very clear but I'll try to answer what I understand: 1. afaik you need a separate license to run MBAE, but you can also just run the free version. 2a. Differences in hardware should not affect the behavior of MBAE. 2b. A list of known issues and conflicts can be found here: https://forums.malwarebytes.org/index.php?/topic/135127-known-issues-conflicts/ Hope this helps. Regards, regenpijp