The Enhanced Mitigation Experience Toolkit (EMET)

In the previous posts of my blog we talked a little bit about security exploits and how they function and how to prevent from attacks using security exploits. In this post I am so excited to introduce a great toolkit offered by Microsoft to defense against the exploitation of the system.

The tool is called Enhanced Mitigation Experience Toolkit (EMET) which uses exploitation mitigation techniques making it very difficult for exploits to defeat the system. However the protection applied by EMET does not guarantee that the system will not be exploited but it just makes it as difficult as possible to exploit the system even using a 0-Day vulnerability exploits. 

Working with EMET is pretty simple and you just need to download it from here  and then install it on your machine and simply choose the software that you want it to protect and you believe is more probable to have a security vulnerability and then you are all done. It is possible through the GUI interface of the tool.

EMET is compatible with any software and it does not really matter whether the software you want to protect is a Microsoft software or not. Below is a screenshot of the GUI interface of the toolkit:

You should for sure try this tool as it’s a must for every security engineer worrying about the security of their environment with all those softwares installed on their servers which each could have possible security vulnerabilities putting the whole network and system at risk.

You want to learn more? Check out my new book below and have access to great and practical tutorials and step-by-step guides all in one book: 

To get more information about the book click on the book below:

1

Cheers

Possible Attacks on Windows and Countermeasures – Part 2

In the previous post I talked about password cracking and how you could actually protect against these attacks. In this article I want to explore another type of attacks:

Buffer Overflow Attacks:

This is a very common type of attack that is triggered against an operating system (Not necessarily Windows) due to a security vulnerability existing whether inside the operating system or the applications installed on top of that. Probably the reason why this is a very common type of attack is because the security bugs inside the softwares and applications on the OS could also result in a security hole in the OS…

What is buffer overflow vulnerability?

This happens when data copied into the memory buffer is larger than the buffer size making it overflow. This problem could be mostly seen in applications written with C and C++ programming languages which offer no built-in protection against accessing or overwriting data in any part of memory.

This problem could result in execution of some malicious codes by a hacker making it pretty easy for a hacker to even remotely execute malicious codes on an OS so that they could access the OS.

When a buffer overflow security hole is found, there will be usually security advisory released on the OS or software website. This security advisory to my way of thinking has advantages and disadvantages.

The advantage is that users become more aware of the security vulnerabilities on their OS or software and can better plan for protection using their firewalls by closing specific ports or even disconnecting a specific computer from the internet. I have written a specific article about this that you can read here.

The disadvantage is that hackers become aware of such vulnerabilities and will begin writing malicious exploits for that security bug so that they could take advantage of it to access affected systems. But what are exploits?

Exploits are programs maliciously written to take advantage of a security vulnerability. We have two general types of exploits. One is Remote Exploits that could be run remotely against a server with that problem and the other one is Local Exploits that could be run locally when the hacker has some limited local access on a machine so he could use the exploit to escalate his permission and get full access to the system.

If the vulnerability is pretty critical and is found on a popular OS like Windows or any other common software, there would be possible worms written for it. Worms are exploits with additional capabilities to scan the network and search for any machine with the same security problem and then try to penetrate into that machine and keep spreading.

Solution:

It’s really difficult to say how to protect against these attacks as there are so many applications installed on the OS and any of them could cause such a problem but the best practice is to keep your computer up to date by enabling automatic update on your Windows.

There is also a very good feature on Windows called DEP (Data Execution Prevention) that should be turned on. It can protect your computer against this type of attack by monitoring programs to make sure they use computer memory safely. If DEP realizes that a program is trying to run instruction from the portion of memory used for data, DEP will close the program and notifies you.

You can turn it on from System Properties -> Advanced System Settings -> Performance Settings -> Data Execution Prevention and enable Turn on DEP for essential Windows programs and services only

You want to learn more? Check out my new book below and have access to great and practical tutorials and step-by-step guides all in one book:

To get more information about the book click on the book below:

1

Hope you enjoyed it

Cheers