Omri Misgav, Security Researcher, enSilo

Programming, reverse engineering and security nut. Low-level and OS internals enthusiast. Drop me a line.

Turning (Page) Tables: Bypassing Kernel Mitigations to Successfully Escalate Privileges

enSilo Breaking Malware, cybersecurity, enSilo Corporate and Product

On August 8th, at the BSides Conference in Las Vegas, we unveiled a new exploitation technique against the Microsoft Windows operating system. It's a general technique to leverage with kernel vulnerabilities and make privilege escalation easier.

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 2)

documentation, enSilo Breaking Malware, Windows, enSilo Corporate and Product

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime. And the fix for it isn’t as foolproof as you would’ve hoped.

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)

documentation, enSilo Breaking Malware, Windows, enSilo Corporate and Product

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime.

The NotPetya ‘Not’ Killswitch

Research, enSilo Corporate and Product, NotPetya, Windows, Malware, Ransomware, NSA

In the past few days a new Petya-like ransomware, dubbed NotPetya, infected machines across the world by leveraging some of the NSA’s exploits for the SMB protocol (EternalBlue, EternalRomance), similarly to the WannaCry attack last month. This attack overwrites the MBR (Master Boot Record) and encrypts the file-system, rendering the system