-
Publication number: US20250015999A1
Publication date: 2025-01-09
Application number: US18892382
Application date: 2024-09-21
Applicant: Open Text Inc.
Inventor: Andrew Sandoval, Eric Klonowski
Abstract: Examples of the present disclosure describe systems and methods for monitoring the security privileges of a process. In aspects, when a process is created, the corresponding process security token and privilege information is detected and recorded. At subsequent “checkpoints,” the security token is evaluated to determine whether the security token has been replaced, or whether new or unexpected privileges have been granted to the created process. When a modification to the security token is determined, a warning or indication of the modification is generated and the process may be terminated to prevent the use of the modified security token.
-
Publication number: US12149623B2
Publication date: 2024-11-19
Application number: US17836714
Application date: 2022-06-09
Applicant: Open Text Inc.
Inventor: Andrew Sandoval, Eric Klonowski
Abstract: Examples of the present disclosure describe systems and methods for monitoring the security privileges of a process. In aspects, when a process is created, the corresponding process security token and privilege information is detected and recorded. At subsequent “checkpoints,” the security token is evaluated to determine whether the security token has been replaced, or whether new or unexpected privileges have been granted to the created process. When a modification to the security token is determined, a warning or indication of the modification is generated and the process may be terminated to prevent the use of the modified security token.
-
Publication number: US12013929B2
Publication date: 2024-06-18
Application number: US18158621
Application date: 2023-01-24
Applicant: Open Text Inc.
Inventor: Andrew Sandoval
CPC classification number: G06F21/52, B01D15/1885, G01N30/20, G01N30/22, G01N30/466, G01N30/6043, G06F11/3688, G01N2030/202, G01N2030/207, G06F2221/033
Abstract: Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting exploits. In aspects, various “checkpoints” may be identified in software code. At each checkpoint, the current stack pointer, stack base, and stack limit for each mode of execution may be obtained. The current stack pointer for each mode of execution may be evaluated to determine whether the stack pointer falls within a stack range between the stack base and the stack limit of the respective mode of execution. When the stack pointer is determined to be outside of the expected stack range, a stack pivot exploit is detected and one or more remedial actions may be automatically performed.
-
Publication number: US20240303319A1
Publication date: 2024-09-12
Application number: US18666973
Application date: 2024-05-17
Applicant: Open Text Inc.
Inventor: Andrew Sandoval
CPC classification number: G06F21/52, B01D15/1885, G01N30/20, G01N30/22, G01N30/466, G01N30/6043, G06F11/3688, G01N2030/202, G01N2030/207, G06F2221/033
Abstract: Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting exploits. In aspects, various “checkpoints” may be identified in software code. At each checkpoint, the current stack pointer, stack base, and stack limit for each mode of execution may be obtained. The current stack pointer for each mode of execution may be evaluated to determine whether the stack pointer falls within a stack range between the stack base and the stack limit of the respective mode of execution. When the stack pointer is determined to be outside of the expected stack range, a stack pivot exploit is detected and one or more remedial actions may be automatically performed.
-