Tomer Bitton, VP Research, enSilo

Obsessed by malware, hostile code and extreme packers. Low-level researcher. Feel free to contact.

Sedating the Watchdog: Abusing Security Products to Bypass Mitigations

tools, av, Vulnerabilities, anti-virus, avulnerabilitychecker, Windows, enSilo Breaking Malware

TL;DR: Design issues in various security products, such as anti-virus, make it significantly easier for threat actors to bypass exploit mitigations. As part of our ongoing goal of complete endpoint security, we found a prevalent flaw where anti-virus products allocate memory with RWX permissions at a predictable address.

You’re so predictable: the AV vulnerability that bypasses mitigations

Research, Industry, Windows, Malware, enSilo Corporate and Product

Our research team exposed a critical security vulnerability appearing in various Anti-Virus (AV) products which has the potential to turn the Anti-Virus into an attack-enabling tool. This issue is not necessarily constrained to security solutions, but potentially applies to any intrusive application such as data leak prevention (DLP) and performance

“Selfie”: A Tool to Unpack Self-Modifying Code using DynamoRIO

tools, Windows, Malware, enSilo Breaking Malware, Endpoint Protection

TL;DR: In this blog post we describe Selfie, a tool we have developed that automates finding the OEP for the majority of malware packed with self-modifying code. The Selfie tool is now open-sourced, compiled for 32-bit, and can be found here.

NanoCore RAT: It’s Not 100% Original

Research, Windows, Malware, RAT, enSilo Corporate and Product

A few days ago, a cracked full-version of the NanoCore Remote Access Trojan (RAT) tool was leaked.

With scarce existing documentation of NanoCore, we decided to investigate NanoCore’s core set of features and techniques ourselves. (We do this as part of enSilo’s development of the best endpoint security software.) What we found was that although

AVG: A Case-Study in Vulnerability Disclosure

Research, enSilo Corporate and Product

Our research team responsibly disclosed a severe vulnerability in AVG Internet Security 2015 build 5736 with Virus database 8919, released January 13th, 2015.

Within just two days of disclosure, on Thursday, March 12th, 2015 – AVG released a patch to its user base.

AVG’s response to this flaw is something we should all learn from. It stands in dark

Vulnerability Patching: Learning from AVG on Doing it Right.

Vulnerabilities, Windows, enSilo Breaking Malware

Introduction

As part of our research, we analyze the intricate relationship between Anti-Virus products and Operating Systems (OS). During this process, we came across a vulnerability in AVG Internet Security 2015 build 5736 with Virus database 8919, released January 13th, 2015.

The vulnerability? The affected AVG product had allocated a memory page with RWX
