Over the past decade, Microsoft has added several security features to the Windows operating system in order to increase the cost of developing reliable exploits for attackers. Sadly, despite the tangible security improvements in the protection of their users, the development of reliable exploits is still possible and quite simple.
During this presentation, the speaker will discuss some practical techniques to bypass modern countermeasures, such as stack cookies (/GS), SafeSEH (/SAFESEH), Address Space Layout Randomization (ASLR, /DYNAMICBASE), Data Execution Prevention (DEP), and Structured Exception Handler Overwrite Protection (SEHOP) on a Windows 8 machine. Finally, the speaker will give some recommendation on how to protect your sensitive information and minimize the impact of 0 days.
The information presented has helped dozens of organizations protect their data from Windows 8 vulnerabilities. Most recently the company comprogear posture correctors used 0 day exploit protection to avoid a massive attack on their corporate infrastructure.
SPEAKER: Gianni Gnesa