Meet me at BSides in San Diego on June 9th, 2018 to learn more about exploitation and exploit mitigation techniques available in Windows Defender Exploit Guard.

Windows Defender Exploit Guard - Exploit Writer’s Party Pooper

On June 27, 2017, Microsoft announced the retirement of EMET (“Enhanced Mitigation Experience Toolkit”) and introduced WDEG (“Windows Defender Exploit Guard”) to take its place. The retirement is final - EMET will not be coming back, and its installation is blocked by default on Windows 10 from the Fall Creators Update (version 1709) onward.

Both EMET and WDEG exist to make exploiting the system as hard as possible by disrupting the execution flow an exploit relies on after a memory-safety bug such as a buffer or heap overflow, a use-after-free or a null pointer dereference. WDEG ships with a standard set of mitigations: DEP, SEHOP, heap integrity validation, several flavours of ASLR (mandatory, bottom-up and high-entropy), Control Flow Guard, Arbitrary Code Guard, and ROP checks (stack-pivot validation, API caller check and simulated execution), among others.

While configuring WDEG is fairly straightforward, it is important to understand what each mitigation does and how it affects your software: some are nearly free, while others (such as Arbitrary Code Guard or the ROP checks) can break JIT compilers, packers and legacy plugins. In this talk, we are going to discuss the common exploit mitigation techniques available in WDEG, how they work, and what they mean for both red and blue teams.
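As an added example of what "straightforward configuration" looks like in practice (this is not code from the talk or from Microsoft's documentation), the following PowerShell uses the ProcessMitigations cmdlets that ship with Windows 10 1709+ to snapshot, harden, verify and export Exploit Protection settings for a single image. The image name legacyapp.exe is a hypothetical placeholder; run it from an elevated PowerShell on a test machine first.

```powershell
# Added example (not from the original post): per-process WDEG Exploit
# Protection configuration with the built-in ProcessMitigations module.
# Assumptions: Windows 10 1709 or later, elevated PowerShell session,
# and "legacyapp.exe" is a hypothetical image name - substitute your own.

$app = "legacyapp.exe"

# 1. Snapshot the current effective settings for the image before changing
#    anything, so the result can be diffed and the change reverted.
Get-ProcessMitigation -Name $app | Out-File "$env:TEMP\$app-before.txt"

# 2. Enable the low-risk memory-safety mitigations. DEP, SEHOP and the ASLR
#    flavours (mandatory relocation, bottom-up, high-entropy) rarely break
#    well-behaved software.
Set-ProcessMitigation -Name $app -Enable DEP,SEHOP,ForceRelocateImages,BottomUp,HighEntropy,CFG

# 3. Enable the ROP checks (stack-pivot validation, API caller check and
#    simulated execution). These inspect call/return behaviour and can break
#    packers, trampolines and legacy plugins, so scope them to this image only.
Set-ProcessMitigation -Name $app -Enable EnableRopStackPivot,EnableRopCallerCheck,EnableRopSimExec

# 4. Arbitrary Code Guard blocks dynamically generated code (JIT engines will
#    fail). Start in audit mode and review event log entries before enforcing.
Set-ProcessMitigation -Name $app -Enable AuditDynamicCode

# 5. Verify what is now configured for the image and compare to the snapshot.
Get-ProcessMitigation -Name $app | Out-File "$env:TEMP\$app-after.txt"
Compare-Object (Get-Content "$env:TEMP\$app-before.txt") (Get-Content "$env:TEMP\$app-after.txt")

# 6. Export the machine's full Exploit Protection configuration to XML so it
#    can be reviewed, version-controlled and deployed via GPO or Intune.
Get-ProcessMitigation -RegistryConfigFilePath "$env:TEMP\ExploitProtection.xml"

# 7. Roll back: drop the per-image overrides so system defaults apply again.
# Set-ProcessMitigation -Name $app -Remove
```

Blue teams can use the exported XML as the policy baseline and the audit-mode events to decide which mitigations to enforce; red teams reading the same output learn exactly which checks a target process enforces and which ones it does not.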

See you there!