Security Science

The History of the !exploitable Crash Analyzer

At the CanSecWest conference earlier this month we made our first public release of the !exploitable Crash Analyzer. While an upcoming white paper and the CanSecWest slide deck go into detail on the technology involved, we thought it might be useful to explore the history of the tool.

Roots in Fuzzing

The technology and research …


Released build of Internet Explorer 8 blocks Dowd/Sotirov ASLR+DEP .NET bypass

Last summer at BlackHat Vegas, Alexander Sotirov and Mark Dowd outlined several clever ways to bypass the Windows Vista defense-in-depth protection combination of DEP and ASLR in attacks targeting Internet Explorer. One approach they presented allowed attackers to use .NET framework DLLs to allocate executable pages of memory at predictable locations within the iexplore.exe process. …


GS cookie protection – effectiveness and limitations

The Microsoft C/C++ compiler supports the GS switch which aims to detect stack buffer overruns at runtime and terminate the process, thus in most cases preventing an attacker from gaining control of the vulnerable machine. This post will not go into detail about how GS works, so it may be helpful to refer to these …


CanSecWest Preview & New Blog URL

It’s getting busy around here with people preparing for the CanSecWest security conference (http://cansecwest.com/). Many of the Microsoft Security Engineering Center (MSEC) and Microsoft Security Response Center (MSRC) members that regularly post to this blog will be attending CanSecWest and soaking up the 3 days of presentations & networking. If you haven’t heard us talk …


Preventing the Exploitation of Structured Exception Handler (SEH) Overwrites with SEHOP

One of the responsibilities of Microsoft’s Security Engineering Center is to investigate defense in depth techniques that can be used to make it harder for attackers to successfully exploit a software vulnerability. These techniques are commonly referred to as exploit mitigations and have been delivered to users in the form of features like /GS, Data …
