Someone’s Bypassing EMET

EMET is the Exploit Mitigation Enhancement Toolkit. It basically forces programs to make use of a number of mitigation techniques. The idea of EMET is not to make programs invincible to exploitation; no single technique is incredibly powerful on its own. The idea is to use all of the techniques in combination to make generic bypasses of EMET impossible, or at least incredibly difficult. Each payload has to be designed to bypass EMET – you can’t just wrap it up in a special way.

But that’s exactly what someone is trying to do. They’re working to bypass EMET without modifying the payload at all. It’s pretty cool – parts 1 and 2 are already out.

Here’s part 1.

I think this quote sums up the project and why EMET is still a powerful tool.

There are two main areas we need to concern ourselves with when trying to bypass EMET: the exploit and the Metasploit payload. Obviously, the exploit needs to be crafted so as to bypass EMET. This cannot be generic – we can’t find a solution that will automatically work for all exploits, as the intrinsic details of the exploit are important to accomplish successful bypassing. It might be a different story when we consider the Metasploit payloads. Sure, we may be able to tweak each payload to bypass EMET, but that’s really missing the point. We would like to have a generic solution that enables all unmodified payloads to work for a specific exploit.

As you can see, right off the bat the author states that a generic bypass for the individual exploits is impossible – this is obvious, since each exploit works in its own specific way. The project instead focuses on the payloads.

I’m excited to see the work continue.