Mitigations Unplugged presented at BlueHat 2008

by Matt Miller ( Microsoft ),

Tags: Security

Summary : Reliable exploitation techniques for software vulnerabilities have been developed and refined over the past decade to the point that most classes of vulnerabilities can be trivially exploited. The sophistication of these exploitation techniques has warranted the development of equally sophisticated mitigations such as GS, DEP, and ASLR. This presentation explores the technical details of these developments by illustrating the logical evolution of Microsoft mitigations. This evolution will be shown in terms of which problem each mitigation is attempting to solve, the methods taken to solve it, and how well each mitigation has stood the test of time. This knowledge should provide attendees with a detailed understanding of how Microsoft mitigations currently work and how product teams can best take advantage of them.