Mitigating Exploitation Techniques

Hi, Matt Miller from Microsoft’s Security Science team here to talk about exploitation & mitigation.


Over the past decade exploitation techniques have been developed and refined to the point that very little expertise has been needed to successfully exploit software vulnerabilities.  These refinements have lowered the bar for attackers and drastically increased the probability that an attack will be successful.  This has led to the need for mitigation techniques that can prevent or otherwise reduce the reliability of a given exploitation technique.  In relation to one another, we can think about exploitation techniques as attempting to drive the probability of successful exploitation to 100%, whereas mitigation techniques attempt to drive the same probability to zero.  While probability gives us a nice measure for the effectiveness of a mitigation technique, it doesn’t give us immediate insight into the specific problems being solved by mitigations or the techniques that are being used to solve those problems.


Understanding the problems that are solved by mitigations is what provided the motivation for the presentation I will be giving at BlueHat.  Many of the materials in this presentation were taken from my work with Leviathan Security Group and have been repurposed to focus on taking attendees on a journey through the technical evolution of the mitigation techniques developed by Microsoft.  This evolution is illustrated in terms of the problems each mitigation technique is attempting to solve, the methods used to solve them, and how well each mitigation has stood the test of time thus far.  The journey itself starts first with /GS and ends with a glimpse of the mitigation techniques we might expect to see in the future. 


It is my hope that this presentation will illustrate that mitigations, when working in concert with one another, can be an effective method of helping to keep users secure by reducing the probability of a successful exploitation attempt for the majority of known exploitation techniques.