EMET 4.0 PKI Mitigation

DEF CON 21

Presented by: Neil Sikka
Date: Sunday August 04, 2013
Time: 12:00 - 12:45
Location: Track 1
Track: Track 1

Microsoft EMET is a free mitigation tool. In addition to its memory corruption exploit mitigations, it has a newly introduced feature, the PKI mitigation. This mitigation implements X.509 certificate pinning to prevent the use of forged certificates in HTTPS sessions in the web browser. This talk is technical: it demos EMET in action and explains how the PKI mitigation works.

Neil Sikka

Neil Sikka (@neilsikka) is a computer security enthusiast and researcher. He works at Microsoft on MSRC (Microsoft Security Response Center) as a Software Security Engineer, where he analyzes 0day exploits and other security vulnerabilities in any Microsoft software and develops security tools such as EMET. In addition to his security research at work, he also likes to do security research in his free time at home on nights and weekends. He has a technical blog where he posts his security research (http://neilscomputerblog.blogspot.com/).

