TL;DR: We show AtomBombing modifications to enable us to inject code into CFG-protected processes.
Our research team has uncovered new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. (This research is one way enSilo ensures complete endpoint protection.) Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that
TL;DR Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). Currently, this technique goes undetected by common security solutions that focus on preventing infiltration.
TL;DR Microsoft’s Control Flow Guard (CFG) is a security feature that prevents the abuse of indirect calls from calling addresses that are not marked as safe. CFG can cause problems for anyone trying to execute malicious memory manipulations on Windows. In such cases, this can be bypassed by adding an exception to the CFG bitmap (a mapping of