- Return-to-libc attacks: These attacks, while normally limited to simple system commands, will always evade DEP, as code will never execute from non-executable memory.
- Resetting the NX bit on the protected page to allow execution: Exploit code can accomplish this by calling the VirtualProtect API, passing in the address of the malicious code and specifying PAGE_EXECUTE_READWRITE.
- Disabling DEP for the current process: An attacker could call SetProcessDEPPolicy (supported on Windows XP SP3, Vista SP1 and Windows 2008) to disable DEP for the current process, with the caveat that this works only if the process has not already called this function itself. Another way to accomplish this is by calling the NtSetInformationProcess API to disable DEP on the current process. A good article explaining this bypass can be found here.
- Allocating new writable and executable memory then copying the shellcode payload to it and jumping to it
- Copying the shellcode to an already existing writable memory area and jumping to it
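
From the defender's side, the API-based techniques in this list leave recognizable call signatures. The following is an added example, not code from the original page: it flags those calls in an API-monitor trace whose record format (the `pid`, `api` and `args` fields) is an assumption made for illustration, with constructed sample records.

```python
# Added example. The trace format below is constructed, not a real tool's output.
PAGE_EXEC = {0x10, 0x20, 0x40, 0x80}  # PAGE_EXECUTE* protection constants
PAGE_EXEC_WRITABLE = {0x40, 0x80}     # PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY
PROCESS_EXECUTE_FLAGS = 0x22          # NtSetInformationProcess information class
MEM_EXECUTE_OPTION_ENABLE = 0x2       # data pages become executable, i.e. DEP off


def classify(call):
    """Return a finding label for one API-call record, or None if benign."""
    api, args = call["api"], call["args"]
    if api == "VirtualProtect":
        # A non-executable page being flipped to an executable protection.
        if args["new"] in PAGE_EXEC and args["old"] not in PAGE_EXEC:
            return "nx-reset"
    elif api == "SetProcessDEPPolicy":
        if args["flags"] == 0:  # 0 disables DEP; PROCESS_DEP_ENABLE is 0x1
            return "dep-disabled"
    elif api == "NtSetInformationProcess":
        if (args["class"] == PROCESS_EXECUTE_FLAGS
                and args["value"] & MEM_EXECUTE_OPTION_ENABLE):
            return "dep-disabled"
    elif api == "VirtualAlloc":
        if args["protect"] in PAGE_EXEC_WRITABLE:
            return "rwx-alloc"
    # Return-to-libc and reuse of existing memory make no such call,
    # so they are out of reach for this kind of check.
    return None


def scan(trace):
    """Return (record index, pid, finding) for every suspicious record."""
    findings = []
    for i, call in enumerate(trace):
        label = classify(call)
        if label:
            findings.append((i, call["pid"], label))
    return findings


TRACE = [  # constructed sample records
    {"pid": 4120, "api": "VirtualAlloc", "args": {"protect": 0x04}},
    {"pid": 4120, "api": "VirtualProtect", "args": {"old": 0x04, "new": 0x40}},
    {"pid": 4120, "api": "VirtualProtect", "args": {"old": 0x20, "new": 0x02}},
    {"pid": 5216, "api": "SetProcessDEPPolicy", "args": {"flags": 0x1}},
    {"pid": 5216, "api": "SetProcessDEPPolicy", "args": {"flags": 0x0}},
    {"pid": 6044, "api": "NtSetInformationProcess", "args": {"class": 0x22, "value": 0x2}},
    {"pid": 6044, "api": "VirtualAlloc", "args": {"protect": 0x40}},
]
```

JIT compilers and some packers make the same calls legitimately, so findings need to be weighed against what the process is expected to do.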