Sep 20, 2010
My Digital Life Editorial Team

Enhanced Mitigation Experience Toolkit (EMET) Anti-Exploit Free Download

Enhanced Mitigation Experience Toolkit (EMET) is a software tool from Microsoft that allows developers and administrators to harden programs and prevent hackers from gaining access to the system through arbitrary applications, especially through zero-day exploits and common vulnerabilities, including the infamous exploit against Adobe Acrobat PDF Reader products.

Enhanced Mitigation Experience Toolkit, as its name implies, is a set of security mitigation technologies designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits:

  • No source code needed: Until now, several of the available mitigations (such as Data Execution Prevention) have required an application to be manually opted in and recompiled. EMET changes this by allowing a user to opt in applications without recompilation. This is especially handy for deploying mitigations on software that was written before the mitigations were available and when source code is not available.
  • Highly configurable: EMET provides a higher degree of granularity by allowing mitigations to be individually applied on a per process basis. There is no need to enable an entire product or suite of applications. This is helpful in situations where a process is not compatible with a particular mitigation technology. When that happens, a user can simply turn that mitigation off for that process.
  • Helps harden legacy applications: It’s not uncommon to have a hard dependency on old legacy software that cannot easily be rewritten and needs to be phased out slowly. Unfortunately, this can easily pose a security risk as legacy software is notorious for having security vulnerabilities. While the real solution to this is migrating away from the legacy software, EMET can help manage the risk while this is occurring by making it harder for hackers to exploit vulnerabilities in the legacy software.
  • Ease of use: The policy for system-wide mitigations can be seen and configured with EMET’s graphical user interface. There is no need to locate and decipher registry keys or run platform-dependent utilities. With EMET you can adjust settings with a single consistent interface regardless of the underlying platform.
  • Ongoing improvement: EMET is a living tool designed to be updated as new mitigation technologies become available. This provides a chance for users to try out and benefit from cutting edge mitigations. The release cycle for EMET is also not tied to any product. EMET updates can be made dynamically as soon as new mitigations are ready.

The EMET toolkit supports both 32-bit and 64-bit applications, and activates several pseudo mitigation technologies aimed at disrupting current exploit techniques on compiled binaries that do not have such mitigation mechanisms. Some of the mitigation techniques include:

  • Structured Error Handling Overwrite Protection (SEHOP) performs SEH (Structured Exception Handling) chain validation to prevent exploits from overwriting SEH records.
  • Dynamic Data Execution Prevention (Dynamic DEP) marks parts of the memory used by a process as non-executable, making it difficult to exploit memory corruption vulnerabilities.
  • NULL Page Allocation allocates the first page of memory before program initialization and blocks attackers from taking advantage of NULL references in user mode.
  • Heap Spray Allocation pre-allocates the memory addresses that exploits commonly use to place copies of their shellcode while waiting for a chance to take control of the instruction pointer, so those addresses are no longer available to the exploit.
  • Mandatory address space layout randomization (ASLR) on Windows Vista, Windows Server 2008 and Windows 7 also covers non-ASLR-aware modules, so that DLLs load their executable code at different random memory locations each time they are loaded, making it hard for exploit code that targets buffer overflows or other vulnerabilities to predict where the shellcode is. Normally, every module has to opt into ASLR with a compile-time flag. With EMET, modules are forced to load at randomized addresses for a target process regardless of the flags they were compiled with.
  • Export Address Table Access (EAT) Filtering: This mitigation is designed to break nearly all shellcode in use today. Before a piece of shellcode can do anything useful, it generally has to locate Windows APIs first. EAT Filtering protects against Metasploit shellcode by filtering access to the EAT (Export Address Table) of kernel32.dll and ntdll.dll through hardware breakpoints, blocking access if the instruction pointer is not inside a module.

These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use. For example, enforcing ASLR on the Adobe Reader and Adobe Acrobat DLL file named icucnv36.dll will close the security hole used by the Adobe PDF zero-day exploit. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques.
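The compile-time opt-in that Mandatory ASLR and Dynamic DEP override is recorded in the `DllCharacteristics` field of each module's PE header, so an administrator can audit which DLLs a process loads without that opt-in before deciding where to apply EMET. The following is an added example, not code from EMET or Microsoft; the function names and the constructed sample header are assumptions made for illustration.

```python
import struct

# Flags in the PE optional header's DllCharacteristics field.
DYNAMIC_BASE = 0x0040  # module opted into ASLR (linker /DYNAMICBASE)
NX_COMPAT = 0x0100     # module opted into DEP (linker /NXCOMPAT)

def mitigation_flags(image: bytes) -> dict:
    """Return the ASLR/DEP opt-in state recorded in a PE image's headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    opt_off = pe_off + 4 + 20  # skip the signature and the COFF file header
    if len(image) < opt_off + 72:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", image, opt_off + 70)
    return {"aslr": bool(dll_chars & DYNAMIC_BASE),
            "dep": bool(dll_chars & NX_COMPAT)}

def needs_forced_aslr(image: bytes) -> bool:
    """True if the module never opted in, so only forced ASLR will move it."""
    return not mitigation_flags(image)["aslr"]

def make_sample_header(dll_chars: int, magic: int = 0x10B) -> bytes:
    """Constructed sample: the smallest header this parser accepts."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"\0" * 20
    opt = struct.pack("<H", magic) + b"\0" * 68 + struct.pack("<H", dll_chars)
    return dos + b"PE\0\0" + coff + opt

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # pass paths to DLL or EXE files to audit
        with open(path, "rb") as fh:
            print(path, mitigation_flags(fh.read()))
```

Run it with the paths of the modules a target process loads; any module reported with `aslr: False` loads at a predictable address unless ASLR is forced for that process.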

The Enhanced Mitigation Experience Toolkit has now reached version 2.0, and interested administrators or users can download EMET 2.0 from the Microsoft Download Center.

Enhanced Mitigation Experience Toolkit (EMET) 2.0 supports the Windows 7; Windows Server 2003 Service Pack 1; Windows Server 2008; Windows Server 2008 R2; Windows Vista Service Pack 1; and Windows XP Service Pack 3 operating systems.

Also available are the EMET user guide and an EMET training video, which can also be viewed below.
