
CB Protection: Is the Agent Protected Against the Following Threats: DEP, ASLR, EAF, SEHOP, HEAP

Environment

  • CB Protection Agent: All Versions
  • Microsoft Windows: All Supported Versions 

Question

Is the CB Protection Agent protected against the following (listed by the customer as "threats"; they are in fact exploit mitigation names, see the Answer):
  1. Data Execution Prevention (DEP)
  2. Address Space Layout Randomization (ASLR)
  3. Export Address Table Access Filtering (EAF)
  4. Structured Exception Handler Overwrite Protection (SEHOP)
  5. Heap Spray Allocation (heap spray pre-allocation)

Answer

The items listed are not exploits or threats; they are exploit mitigations. DEP, ASLR and SEHOP are operating-system protections introduced in the Windows XP SP2 / Windows Vista era, and Export Address Table Access Filtering and heap spray pre-allocation were added by Microsoft's Enhanced Mitigation Experience Toolkit (EMET). The CB Protection Agent does not implement these mitigations itself, and it does not need to: on supported Windows versions the OS provides them. DEP, ASLR and SEHOP are built in, and most of the EMET mitigations (EAF among them) now ship in Windows 10 as Exploit Protection (Windows Defender Exploit Guard), configurable system-wide or per application and deployable with Group Policy (GPO). The Agent's protection is complementary: it enforces application control, so an unapproved executable dropped by an exploit is blocked at the payload stage whether or not a memory mitigation was bypassed.

Additional Notes

  • If the Agent is at Medium enforcement or higher, it blocks any unapproved file that attempts to execute.
  • With modern operating systems, exploit mitigation is built in. The risk of allowing arbitrary, unapproved files to execute on your machines far exceeds the risk of being exploited by an adversary using one of the techniques these mitigations address; application control is aimed at the former.
  • The listed items are anti-exploit mitigation techniques dating to the Windows Vista and EMET era. In Windows 10 they are configured through Exploit Protection in Windows Defender Exploit Guard, with system-wide defaults and per-application overrides. By default, Windows 10 applies them to the Office applications, Edge, and a handful of OS binaries.
  • Several Metasploit (MSF) application exploit modules include bypasses for these mitigations, but like all code-execution exploits they work only against very specific, vulnerable application versions.
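As an added example (not part of the original article or of Carbon Black's documentation), the following PowerShell audits the current Exploit Protection state and enables the mitigations named in the question, using the ProcessMitigations module that ships with Windows 10 1709 and later and Windows Server 2019. Using notepad.exe as the per-program target and C:\Temp\ExploitProtection.xml as the export path are assumptions chosen for illustration; run it from an elevated PowerShell session.

```powershell
# Added example: audit and enable DEP, ASLR, SEHOP and EAF with the built-in
# ProcessMitigations module (Exploit Protection, Windows 10 1709+ / Server 2019).
# Assumptions not stated in the article: notepad.exe is only a sample target program,
# and C:\Temp\ExploitProtection.xml is an arbitrary export location.

# 1. Audit the system-wide defaults. DEP, ASLR (BottomUp/HighEntropy/ForceRelocateImages)
#    and SEHOP are groups on the object returned by Get-ProcessMitigation -System.
$system = Get-ProcessMitigation -System
$system.Dep   | Format-List Enable, EmulateAtlThunks
$system.Aslr  | Format-List BottomUp, HighEntropy, ForceRelocateImages
$system.SEHOP | Format-List Enable

# 2. Turn on DEP, SEHOP and bottom-up/high-entropy ASLR for every process that has no
#    per-program override. ForceRelocateImages (mandatory ASLR) is deliberately left off
#    system-wide because it can break legacy binaries not linked with /DYNAMICBASE.
Set-ProcessMitigation -System -Enable DEP, SEHOP, BottomUp, HighEntropy

# 3. Export Address Filtering (EAF) is program-scoped only, so it is applied per executable,
#    together with mandatory ASLR for a program known to tolerate it.
Set-ProcessMitigation -Name notepad.exe -Enable EnableExportAddressFilter, ForceRelocateImages, DEP, SEHOP

# 4. Verify the per-program result. EAF settings live in the Payload group.
Get-ProcessMitigation -Name notepad.exe | Select-Object -ExpandProperty Payload

# 5. GPO deployment: export the registry-backed configuration to XML, then reference that
#    file from Computer Configuration > Administrative Templates > Windows Components >
#    Windows Defender Exploit Guard > Exploit Protection >
#    "Use a common set of exploit protection settings".
Get-ProcessMitigation -RegistryConfigFilePath C:\Temp\ExploitProtection.xml

# Apply an exported XML locally to test it before pushing it through GPO.
Set-ProcessMitigation -PolicyFilePath C:\Temp\ExploitProtection.xml
```

Note that the EMET "Heap Spray Allocation" pre-allocation has no switch by that name in Exploit Protection; the closest built-in heap hardening is "Validate heap integrity" (TerminateOnError), which is a different mechanism. Whatever is configured here is independent of the CB Protection Agent, which continues to block unapproved executables on its own.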

Article Information
Creation Date: 09-09-2020