windows环境中的现代二进制攻击和防御——七回合对抗微软EMET

2015 IEEE 13th International Symposium on Intelligent Systems and Informatics (SISY) Pub Date : 2015-09-01 DOI:10.1109/SISY.2015.7325394

Z. Németh

{"title":"windows环境中的现代二进制攻击和防御——七回合对抗微软EMET","authors":"Z. Németh","doi":"10.1109/SISY.2015.7325394","DOIUrl":null,"url":null,"abstract":"In this paper some basic elements of the “Eternal war in the memory” [1] are investigated from a practical perspective. While that article provides an excellent theoretical overview and surveys the contemporary attacks and defences, here some concrete examples of binary exploitation are presented as a case study. As a running example we take a recent buffer overflow vulnerability of the TestDisk application [2], and offer an easy-to-follow walkthrough of some exploitation techniques and tricks against Microsoft Enhanced Mitigation Experience Toolkit (EMET).","PeriodicalId":144551,"journal":{"name":"2015 IEEE 13th International Symposium on Intelligent Systems and Informatics (SISY)","volume":"47 42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Modern binary attacks and defences in the windows environment — Fighting against microsoft EMET in seven rounds\",\"authors\":\"Z. Németh\",\"doi\":\"10.1109/SISY.2015.7325394\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper some basic elements of the “Eternal war in the memory” [1] are investigated from a practical perspective. While that article provides an excellent theoretical overview and surveys the contemporary attacks and defences, here some concrete examples of binary exploitation are presented as a case study. As a running example we take a recent buffer overflow vulnerability of the TestDisk application [2], and offer an easy-to-follow walkthrough of some exploitation techniques and tricks against Microsoft Enhanced Mitigation Experience Toolkit (EMET).\",\"PeriodicalId\":144551,\"journal\":{\"name\":\"2015 IEEE 13th International Symposium on Intelligent Systems and Informatics (SISY)\",\"volume\":\"47 42 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE 13th International Symposium on Intelligent Systems and Informatics (SISY)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SISY.2015.7325394\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE 13th International Symposium on Intelligent Systems and Informatics (SISY)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SISY.2015.7325394","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

本文从实践的角度探讨了“记忆中的永恒战争”理论的一些基本要素。虽然那篇文章提供了一个很好的理论概述，并调查了当代的攻击和防御，但这里提供了一些二进制利用的具体示例作为案例研究。作为一个运行的例子，我们以TestDisk应用程序[2]最近的缓冲区溢出漏洞为例，并提供了一个易于理解的演练，介绍了一些针对微软增强缓解体验工具包(EMET)的利用技术和技巧。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Modern binary attacks and defences in the windows environment — Fighting against microsoft EMET in seven rounds

In this paper some basic elements of the “Eternal war in the memory” [1] are investigated from a practical perspective. While that article provides an excellent theoretical overview and surveys the contemporary attacks and defences, here some concrete examples of binary exploitation are presented as a case study. As a running example we take a recent buffer overflow vulnerability of the TestDisk application [2], and offer an easy-to-follow walkthrough of some exploitation techniques and tricks against Microsoft Enhanced Mitigation Experience Toolkit (EMET).

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 IEEE 13th International Symposium on Intelligent Systems and Informatics (SISY)

自引率

0.00%

发文量