Purple Team Tactics: A Technical Look at Windows 10 Exploit Mitigations

  • Webcast Aired Wednesday, 15 Apr 2020 10:30AM EDT (15 Apr 2020 14:30 UTC)
  • Speaker: Stephen Sims

Both the defense and the offense need to understand the exploit mitigations running on modern operating systems, but from different perspectives. The offense needs to understand ways to circumvent or defeat these mitigations, while the defense needs to know which ones are the most effective and what overhead each carries that could negatively impact an application or system. Windows 10 includes a cutting-edge exploit mitigation toolkit called Exploit Guard. It supersedes the deprecated Enhanced Mitigation Experience Toolkit (EMET), which is no longer supported. While some mitigations, such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP), are enabled by default, many of the modern mitigations in Exploit Guard are disabled. Administrators and users often do not know enough about a given mitigation to feel comfortable turning it on, since it could potentially break applications or increase processor overhead. Join me in this webcast, where we will attempt to demystify these controls and look at some of the latest mitigations, such as Control-flow Enforcement Technology (CET).