Jump to content


Recommended Posts

Anti-exploit tool

What is Sentinel?

Sentinel is a command line tool able to protect Windows 32 bit programs against exploits targeted by attackers or viruses. It can protect your programs against 0-day attacks or publicly known bugs.

Why Sentinel?

When a 0-day attack is used in the wild, nobody knows about the existence of this bug except the attacker himself. Some antiviruses implement heuristics to detect new attacks but usually they are unreliable. Sometimes, your computer is not up to date, in this case you are vulnerable to attacks against public bugs.

In both cases, one way to protect your "vulnerable programs" against old or new attacks is adding extra protections (usually, exploit mitigations).

What kind of programs can Sentinel protect?

Any 32 bit program can be protected by Sentinel. E.g: "Internet Explorer", "Acrobat Reader", "Word", "Excel", your applications, etc ..

What kind of exploit attacks can Sentinel stop?

Sentinel is able to detect attacks against user mode binary bugs. Binary bugs can be understood as bugs where the instruction pointer (EIP) can be modified. E.g: Stack overflows, Heap overflows, memory corruptions, Use after-free, etc.

What kind of exploit attack behavior can Sentinel detect?

  • ROP activity
  • Stack Pivoting
  • Invalid Caller
  • Return Address modification
  • Stack Execution
  • Stack Returning (previous step to stack execution)
  • Base Pointer modification (experimental)

Video demonstration:



Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...