[Dailydave] Crystal AEP

Peter Winter-Smith peterwintersmith at gmail.com
Thu Jun 14 12:08:21 EDT 2012


Dear list,

I have recently managed to finish development of some software which I have
been working on, on and off, for quite a while. It's called Crystal AEP
(anti-exploit protection) and it attempts to make exploitation of software
more difficult by introducing an element of unpredictability mixed with
some checks and heuristics into any application which it is configured to
protect.

The software started development in its earliest form a few years ago and
I've been adding code here and there whenever I've been able. I have been
working on it most recently to try to increase stability and to make it
fairly accessible to ordinary users (it used to be a DLL that I would
inject, now it has some sort of user interface!).

It is not unlike Microsoft EMET in what it attempts to achieve, however its
design and feature set do not draw on EMET directly for inspiration (it was
designed before EMET was released) so I believe that the software will
offer something to users of EMET who like variety. EMET is of course a
better supported option (being backed by Microsoft) and its developers are
right on the front line of defence research, so if you use EMET you
probably won't gain that much from running Crystal in parallel.

The software also offers content filtering possibilities to Internet
Explorer, although this feature is fairly secondary and is not enabled by
default. A primitive SDK is on the website if you wish to write small
filters to process or modify content on the fly for IE (it has been tested
with versions 6 - 9).

Although a beta of Crystal has been available for the last month it was
recently updated to permit it to run in low integrity processes, which
means better protection on Vista and Windows 7 for low-rights renderer
processes such as those included with Google Chrome, Internet Explorer (in
Protected Mode) and Acrobat Reader, so if anyone has stumbled upon the
software and downloaded it before today I would recommend an update.

Whether you like the software or not, any feedback is always welcome and
I'm sure I'll take a lot away from it. I probably won't be updating the
software for a while as I hope to move on to things that are more in line
with my interests (this project had become a bit of a burden towards the
end!), however I will try to fix any nasty bugs (especially compatibility
issues), so please report these to me and include whatever level of detail
you are able!

The user's guide which is included with the download is accessible from
here, and includes a bit more about the software (from a higher level):
http://www.crystalaep.com/CrystalUsersGuide.pdf  The software can be
downloaded from: http://www.crystalaep.com

Many thanks to my elite colleagues for feedback and taking the time out to
help me reduce the number of bugs and compatibility issues, and for
feedback in other respects: Gareth James, Sean de Regge, Greg Jenkins,
Richard Turnbull, Chris Anley and Daniel Martin!

Thanks very much all!
-Peter