testtest323

Additional Mitigations


I wonder why MBAE doesn't have additional mitigations like EMET has? For example:

  • Attack Surface Reduction
  • Load Library Protection
  • Export Address Table Access Filtering
  • Export Address Table Access Filtering Plus

I would like to block certain DLLs and Win32 API functions. This should be for advanced users, obviously.

It seems that EMET blocks detouring and DLL injection as well? Not sure about MBAE.

https://adsecurity.org/?p=157

Edited by testtest323


EMET has some EMET-specific mitigations, and they are limited in nature as compared to MBAE.

For example, EMET has ASR which basically disables a bunch of content in certain applications. They do this since they cannot protect from exploits through those applications, while MBAE's Layer3 can (think Java exploits, application design abuses, etc.).

OTOH EMET has some anti-detouring since it uses Detours. But MBAE does not need those since it uses a different approach.

Last but not least, MBAE uses a multi-layer approach to mitigations, and the mitigations we have in place are the ones that make the most sense to us to deal with exploits ITW. MBAE is also supported and maintained actively, while EMET is not.

 
