
Additional Mitigations


testtest323

I wonder why MBAE doesn't have additional mitigations like EMET has. For example:

  • Attack Surface Reduction
  • Load Library Protection
  • Export Address Table Access Filtering
  • Export Address Table Access Filtering Plus

I would like to block certain DLLs and Win32 API functions. This should be for advanced users, obviously.

It seems that EMET blocks detouring and DLL injection as well? Not sure about MBAE.

https://adsecurity.org/?p=157


  • Staff

EMET has some EMET-specific mitigations and is limited in nature as compared to MBAE.

For example, EMET has ASR which basically disables a bunch of content in certain applications. They do this since they cannot protect from exploits through those applications, while MBAE's Layer3 can (think Java exploits, application design abuses, etc.).

OTOH EMET has some anti-detouring since it uses Detours. But MBAE does not need those since it uses a different approach.

Last but not least, MBAE uses a multi-layer approach to mitigations, and the mitigations we have in place are the ones that make the most sense to us to deal with exploits ITW. MBAE is also supported and maintained actively, while EMET is not.

 
