regenpijp
Everything posted by regenpijp
-
Why should I buy Malwarebytes Anti-Exploit?
regenpijp replied to kvk007's topic in Anti-Exploit Beta
Okay, I can understand that. Although I have yet to see them function in practice. For example: spraying 300MB of Vector.<uint> objects followed by calling WinExec from the stack using $known_caller_mitigation_limitation will still result in the execution of a calculator. Mentioning the fact that MBAE contains mitigations X, Y and Z and a competitor does not is also a bit dubious, as one cannot verify such claims; other vendors have been more open in mentioning what individual mitigations they provide.
Why should I buy Malwarebytes Anti-Exploit?
regenpijp replied to kvk007's topic in Anti-Exploit Beta
Could you mention a few exploitation techniques that should now be covered by the new Dynamic Anti-HeapSpraying and Anti-ROP mitigations? E.g. spraying 300MB of Vector.<uint> objects does not trigger the Dynamic Anti-HeapSpraying mitigation.
I would say, perform a test on Windows 8.1 and inject the tests into IE11 and you'll see different results.
-
Hi Pedro, could you describe the changes that certain new anti-ROP mitigations have brought? I am especially interested in seeing what type of attacks should be covered by the new: "Layer0 Dynamic Anti-HeapSpraying" and "Layer1 ROP-RET gadget detection" mitigations. Cheers, regenpijp
-
Does MBAE Protect IE From The August Exploit On XP?
regenpijp replied to moo4x's topic in Anti-Exploit Beta
No details or PoC code about this former zero-day. But if known exploitation techniques are being used, then most mitigation software available on the market will offer protection. Although in general it is still advised to migrate from Windows XP to a later operating system.
Or add it manually.
-
Support For The Edge Browser in Windows 10?
regenpijp replied to Nesivos's topic in Anti-Exploit Beta
Article describing why Edge is safer than IE: https://translate.google.com/translate?sl=nl&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fcomputerworld.nl%2Fbeveiliging%2F87389-8-manieren-waarop-edge-veiliger-is-dan-internet-explorer&edit-text=
Support For The Edge Browser in Windows 10?
regenpijp replied to Nesivos's topic in Anti-Exploit Beta
Exploiting 64-bit Edge is already exceptionally difficult. If an attacker is able to exploit a 64-bit browser with a sandbox and additional 'heap hardening' (to keep things easy), then an attacker would probably also have the skill to bypass MB Anti-Exploit, EMET 5.2 or any other exploit mitigation tool.
Does Anti-Exploit protect from Adobe Flash exploits?
regenpijp replied to Shoonay's topic in Anti-Exploit Beta
Blocking exploits is not about blocking the vulnerability itself (that is impossible without a patch), it's about blocking the generic exploitation techniques involved. If generic exploitation techniques are used in combination with the HackingTeam vulnerabilities then MBAE will be able to block them, otherwise nope.
Of course EMET is still useful when dealing with applications that are not protected by MBAE Free.
-
Just for the record, it is useless to run EMET 4.1 and MBAE at the same time. MBAE contains all the functionality present in EMET 4.1 (except for EAF) plus a number of additional protections. Regarding EAF: Quite a number of EAF bypasses have already been published and EAF bypasses have already been used in the wild quite a lot. The only mitigation present in EMET 5.x that has not yet been publicly bypassed is EAF+. imo EAF+ is the only advantage of EMET 5.x over other mitigation tools.
-
1. You can also encounter exploits on legitimate websites through advertisements.
2. If your software is up-to-date then in general you're safe.
-
Are mbae and mbam not packable as one service?
regenpijp replied to 21emanresu's topic in Anti-Exploit Beta
Your post is not very clear but I'll try to answer what I understand:
1. afaik you need a separate license to run MBAE, but you can also just run the free version.
2a. Differences in hardware should not affect the behavior of MBAE.
2b. A list of known issues and conflicts can be found here: https://forums.malwarebytes.org/index.php?/topic/135127-known-issues-conflicts/
Hope this helps. Regards, regenpijp
-
MBAM != MBAE
-
You should not be concerned about those entries. They are just to inform you about certain mitigations that have been enforced.
-
According to https://www.malwarebytes.org/antiexploit/ Anti-Exploit should be compatible with all 32 and 64-bit versions of Windows ranging from Windows XP to Windows 8.1.
-
POODLE is an attack against the SSL 3.0 protocol. --> https://www.openssl.org/~bodo/ssl-poodle.pdf I'm not aware of any mitigation tool (EMET, HMPA, MBAE) that is capable of 'fixing' this kind of problem. POODLE isn't even used for compromising browsers. It is just a theoretical attack against SSL 3.0 traffic. Thus, as far as I know it can only be used to perform a Man in the Middle attack against encrypted traffic.
-
@hake POODLE is *not* targeting web browsers, it only targets encrypted traffic (HTTPS). You have a completely wrong view of the kind of vulnerability that is involved.
-
EMET 5 can be disarmed so why not MBAE, too?
regenpijp replied to vanguardlh's topic in Anti-Exploit Beta
@pbust That would be great. I still have a bypass for the Java mitigation lying around ...
Dear Malwarebytes, I was wondering if you could provide a full list of exploit mitigations that MBAE employs in order to stop certain types of attacks. Currently I'm not able to fully compare MBAE with EMET. (Ease of use is not an issue.) For more IT-involved people the list provided at https://forums.malwarebytes.org/index.php?/topic/136424-frequently-asked-questions/?p=846361 might be a bit short. I hope it's possible to answer this question. Best regards, Regenpijp