We continue our series on tweaking Metasploit modules to bypass EMET without changing Metasploit’s payloads. Last time, we talked about bypassing EMET’s EAF using SEH. Since that technique may not fit your exploit, we present a second technique that bypasses EMET’s EAF without using SEH or changing Metasploit’s payload.
Tag Archives: Metasploit
Tweaking Metasploit Modules To Bypass EMET – Part 1
Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is designed to increase the protection of your system against exploitation. It can render current Metasploit modules useless, as they’re currently not designed to bypass it. We discuss ways to tweak Metasploit modules in as generic a way as possible, so they can work against targets utilizing EMET.
Tutorial For The Official Poison Ivy Metasploit Module
The official Poison Ivy Metasploit module has just been released. With the help of Juan Vazquez, the official module is a major upgrade to the original module I published. Here is some important information on how to use it.
Poison Ivy Exploit Metasploit Module
After providing a detailed exploit for Poison Ivy’s C&C server, the natural course of things was to incorporate it into the Metasploit framework. So here is a fully functional Metasploit module that exploits a remote Poison Ivy C&C server, bypassing DEP and ASLR, for all Windows versions.