EMET (Enhanced Mitigation Experience Toolkit) is an application which can be used to further harden a Windows system by adding additional security protections to running processes. These protections include several ROP (Return-Oriented-Programming) checks, shellcode detection mechanisms, heap-spray mitigations and many more. Microsoft as well as other vendors typically suggest as a workaround for new memory corruption vulnerabilities to install EMET to protect the application. The aim of the presentation is to show the audience that attackers can still exploit such protected applications by using one of the many existing techniques. This talk covers new techniques to bypass EMET 5.0 (the current version of it) as well as EMET 4.1. We at SEC Consult do not believe in putting additional security layers like EMET, DEP, ASLR, application firewalls and so on, on top of applications. Rather we demand from software developers and especially from the software industry itself to focus on secure software development instead of forcing their customers to create a chain of security layers to protect their software product. Protections such as EMET, DEP and ASLR are useful to add an additional hurdle for attackers but are not unbreakable.