The following (giant) report is the result of my time spent reversing and researching the protections used by Microsoft's EMET. This document seeks to better aggregate the information on these mitigations and better describe how these protections work than is currently available. This paper focuses specifically on the limitations and defeats for these protections so that EMET can be better understood and improved.
EMET 4.1 Uncovered (pdf)