In early September this year, Microsoft released their Enhanced Mitigation Experience Toolkit v2.0 (EMET), which contains a new "pseudo"-mitigation named Export Address Table Address Filter (EAF). I decided to cover how this mitigation tries to prevent exploits from succeeding and how an attacker might bypass it. For those who suffer from tl;dr syndrome: it is my conclusion that EAF should prove helpful at preventing most present-day shellcode from executing, and that it is therefore a helpful mitigation. However, it is comparatively easy to bypass. I expect that if EAF becomes a standard mitigation, attackers will update their shellcode to bypass it. I cannot think of any effective way in which EAF could be updated that would not be relatively simple to bypass as well.