Security researcher cracks Microsoft's BlueHat prize-winning ROPGuard tool
A security researcher has admitted that he has managed to crack the ROPGuard tool that won second prize at the recent Microsoft BlueHat contest.
According to Ars Technica, security researcher Shahriyar Jalayeri has demonstrated an exploit that bypasses the tool's protection. In a blog post, Jalayeri said that he managed to bypass EMET 3.5 and wrote a fully functioning exploit for CVE-2011-1260 with all of the Enhanced Mitigation Experience Toolkit's (EMET) ROP mitigations enabled.
According to Microsoft, EMET is a utility that helps prevent vulnerabilities in software from being successfully exploited. However, Jalayeri said that EMET's ROP mitigation works by hooking certain APIs (such as VirtualProtect) with the Shim Engine and monitoring their initialisation. He said: "I have used SHARED_USER_DATA, which is mapped at the fixed address 0x7FFE0000, to find the KiFastSystemCall address (SystemCallStub at 0x7FFE0300), so I could call any syscall by now."