Everything posted by regenpijp

  1. Okay, I can understand that. Although I have yet to see them function in practice. For example: Spraying 300MB of Vector.<uint> objects followed by calling WinExec from the stack using $known_caller_mitigation_limitation will still result in the execution of a calculator. Mentioning the fact that MBAE contains mitigations X, Y and Z and a competitor does not is also a bit dubious as one cannot verify such claims, other vendors have been more open in mentioning what individual mitigations they provide.
  2. Could you mention a few exploitation techniques that should now be covered by the new Dynamic Anti-HeapSpraying and Anti-ROP mitigations? e.g. Spraying 300MB of Vector.<uint> objects does not trigger the Dynamic Anti-HeapSpraying mitigation.
  3. I would say, perform a test on Windows 8.1 and inject the tests into IE11, and you'll see different results.
  4. Hi Pedro, could you describe the changes that certain new anti-ROP mitigations have brought? I am especially interested in seeing what type of attacks should be covered by the new: "Layer0 Dynamic Anti-HeapSpraying" and "Layer1 ROP-RET gadget detection" mitigations. Cheers, regenpijp
  5. No details or PoC code about this former zero-day. But if known exploitation techniques are being used, then most mitigation software available on the market will offer protection. Although in general it is still advised to migrate from Windows XP to a later operating system.
  6. Article describing why Edge is safer than IE: https://translate.google.com/translate?sl=nl&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fcomputerworld.nl%2Fbeveiliging%2F87389-8-manieren-waarop-edge-veiliger-is-dan-internet-explorer&edit-text=
  7. Exploiting 64-bit Edge is already exceptionally difficult. If an attacker is able to exploit a 64-bit browser with a sandbox and additional 'heap hardening' (to keep things easy), then an attacker would probably also have the skill to bypass MB Anti-Exploit, EMET 5.2 or any other exploit mitigation tool.
  8. Blocking exploits is not about blocking the vulnerability itself (that is impossible without a patch); it's about blocking the generic exploitation techniques involved. If generic exploitation techniques are used in combination with the HackingTeam vulnerabilities, then MBAE will be able to block them, otherwise nope.
  9. Of course EMET is still useful when dealing with applications that are not protected by MBAE Free.
  10. Just for the record, it is useless to run EMET 4.1 and MBAE at the same time. MBAE contains all the functionality present in EMET 4.1 (except for EAF) plus a number of additional protections. Regarding EAF: Quite a number of EAF bypasses have already been published and EAF bypasses have already been used in the wild quite a lot. The only mitigation present in EMET 5.x that has not yet been publicly bypassed is EAF+. imo EAF+ is the only advantage of EMET 5.x over other mitigation tools.
  11. 1. You can also encounter exploits on legitimate websites through advertisements. 2. If your software is up-to-date then in general you're safe.
  12. Your post is not very clear but I'll try to answer what I understand: 1. afaik you need a separate license to run MBAE, but you can also just run the free version. 2a. Differences in hardware should not affect the behavior of MBAE. 2b. A list of known issues and conflicts can be found here: https://forums.malwarebytes.org/index.php?/topic/135127-known-issues-conflicts/ Hope this helps. Regards, regenpijp
  13. You should not be concerned about those entries. They are just to inform you about certain mitigations that have been enforced.
  14. According to https://www.malwarebytes.org/antiexploit/ Anti-Exploit should be compatible with all 32- and 64-bit versions of Windows ranging from Windows XP to Windows 8.1.
  15. POODLE is an attack against the SSL 3.0 protocol. --> https://www.openssl.org/~bodo/ssl-poodle.pdf I'm not aware of any mitigation tool (EMET, HMPA, MBAE) that is able to 'fix' this kind of problem. POODLE isn't even used for compromising browsers. It is just a theoretical attack against SSL 3.0 traffic. Thus, as far as I know, it can only be used to perform a Man in the Middle attack against encrypted traffic.
  16. @hake POODLE is *not* targeting web browsers, it only targets encrypted traffic (HTTPS). You have a completely wrong view of the kind of vulnerability that is involved.
  17. @pbust That would be great. I still have a bypass for the Java mitigation lying around ...
  18. Dear Malwarebytes, I was wondering if you could provide a full list of exploit mitigations that MBAE employs in order to stop certain types of attacks. Currently I'm not able to fully compare MBAE with EMET. (Ease of use is not an issue.) For more IT-involved people the list provided at https://forums.malwarebytes.org/index.php?/topic/136424-frequently-asked-questions/?p=846361 might be a bit short. I hope it's possible to answer this question. Best regards, Regenpijp