HJH Posted January 27, 2015 ID:933355 Share Posted January 27, 2015 Hello Sirs, Are you able to explain in some details (meaning, purpose and benefits etc) for the following terms: DEP Bottom Up ASLR Anit-Heep Spraying Thanks! RegardsHJH Link to post Share on other sites More sharing options...
Staff pbust Posted January 27, 2015 Staff ID:933356 Share Posted January 27, 2015 Welcome to the forum HJH. These techniques are all part of MBAE's Layer0 which is called "Application Hardening". They are basically a set of known and well tested techniques to make applications more resilient against vulnerability exploit attacks. You can read more about them here, here and here. Link to post Share on other sites More sharing options...
HJH Posted January 27, 2015 Author ID:933358 Share Posted January 27, 2015 Hello Sirs! Thanks! Why need all three techniques? One is not good enough? RegardsHJH Link to post Share on other sites More sharing options...
HJH Posted January 27, 2015 Author ID:933359 Share Posted January 27, 2015 Hello Sirs, Can you explain what is the significance of Layer 0? How many layers are there and what is layer related to MBAE? Thanks! RegardsHJH Link to post Share on other sites More sharing options...
HJH Posted January 27, 2015 Author ID:933361 Share Posted January 27, 2015 Hello Sirs, Sorry for one more question! Is there a user manul or equivalent for Malwarebytes Anti-Exploit Premum which can explain all the terms used and symbols used by the software in particular in the log. Thanks! RegardsHJH Link to post Share on other sites More sharing options...
hake Posted January 27, 2015 ID:933478 Share Posted January 27, 2015 Layer zero is the maximum privilege kernel (innermost) layer of the operating system, e.g. Windows 7. Any software that can contrive to get itself running in layer zero has maximum privileges and can therefore do whatever it has been programmed to do without restriction. This is the holy grail of malware writers. The most skilled malware authors can take complete control of a computer and make it do all sorts of things, good or bad, without the user even being aware of it. Higher numbered layers (old fogeys like me think of the operating system as like concentric rings) have lower privileges. It is essential for application level software to run in ring 3 so it cannot do harm to the operating system because it has no direct access to ring (layer) 0. The operating system provides functions which allow application level software running in ring 3 to request that things like physical file accesses are done by the operating system ON BEHALF OF the requesting software, i.e. under the full control of the operating system. These concepts were in practical use back in 1974 when I first worked with the Prime 300 minicomputer. Primos, the Prime Computer Inc. operating system, embodied ring 0 and ring 3. It is the whole point of Anti-Exploit to prevent malware from contriving to get into layer zero. Link to post Share on other sites More sharing options...
HJH Posted January 27, 2015 Author ID:933496 Share Posted January 27, 2015 Hello Sirs, Wonderful explanation! I am now very clear! Thank you very much! RegardsHJH Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now