EMET
 

  • Prior-service Army, Pre-War. Both Private Sector and Defense experience.
  • Man has used firewalls to protect our assets (our flock). Worked very well for a long time – only security strategy. Flaming brick wall, good to go. Firewalls became more advanced, so did attacks. Evading firewall, going for weaker members of the flock.
  • These days difficult to protect the flock. It can be so difficult, in part sheep don’t protect themselves.
  • So what have we done?
  • Building fences to corral the sheep. Intended boundaries – sheep don’t know. This worked pretty well. Then what happened?
  • The pentesters come in. As soon as ASLR created, bypass naturally followed.
  • Security Development Lifecycle Progress Report. 2004 – 2010. 41 consumer apps, millions of users. DEP without ASLR. Line-of-business apps.
  • Two Drop Down lists. So what’s better than a fence?
  • Sheepdog
  • Version 4.0 released June 2013. Version 1.0 released Oct 2009. Both servers and workstations. Free utility from MS. .NET 4.0 – No other dependencies. No signatures or updating. No whitelist or blacklist. No guessing. Just good programming. Part of Windows 8 STIG.
  • Blacklisting is dead. HBSS can’t provide good defaults.
  • So let’s go through an EMET installation
  • One choice to make. Service is installed and running, launch client.
  • This is GUI. Bottom is the list of running processes.
  • Sheepdog
  • Calls to external binary files go through the Import Address Table. Works for both static and dynamically linked DLL. Redirects call to Windows to Shim address. What all this means – you don’t talk to Windows without EMET.
  • All happen simultaneously
  • 14 Default Trusted Roots – Necessary?
  • Sheepdog
  • Sheepdog
  • Some code so bad
  • Sheepdog
  • Whatever you’re using now
  • GPO or script through CLI. Support with existing contract.
  • Jonathan Ness from MS. Support with valid Support Contract or through forum.

EMET Presentation Transcript

  • Employing EMET for Application Security
  • GCIA, GCIH, GSEC, CCNA, CISSP @dacoursey
  • EMET
  • MS Office Acrobat Flash Java
  • DEP ASLR SEHOP etc…
  • Progress Report ASLR DEP
  • What is it?
  • But what about…
  • What does it NOT do?
  • Deployment
  • Management
  • Microsoft’s Strategy
  • Questions?
  • http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx?Redirected=true
  • https://blogs.technet.com/b/srd/archive/2009/02/02/preventing-the-exploitation-of-seh-overwrites-with-sehop.aspx?Redirected=true
  • https://blogs.technet.com/b/security/archive/2012/08/08/microsoft-s-free-security-tools-enhanced-mitigation-experience-toolkit.aspx?Redirected=true
  • http://technet.microsoft.com/en-us/library/dd837644(v=ws.10).aspx