Udi Yavo, CTO, enSilo

Proficient in OS internals, code analysis and exploitation. Low-level researcher.

enSilo protects against “WannaCry” and stolen NSA Tools out of the box

Business, Industry, cybersecurity, enSilo Corporate and Product, WannaCry, Windows, NSA, Ransomware, Malware

Just weeks after the Shadow Brokers released the NSA Tools, the world has had its first taste of just how effective threats built with these tools can be. Beginning early on May 12th, a ransomware variant using the EternalBlue exploit for Microsoft Windows began spreading like wildfire, locking down businesses and users in more than 90


ShadowGroup Reveals All? Initial Analysis of the Equation Group Dump

Research, enSilo Corporate and Product


On Good Friday, April 14, The Shadow Brokers released to the public a bunch of powerful Windows exploits, tools and exploit kits used by The Equation Group – the group supposedly behind the NSA.

We’re currently analyzing the data, and would like to share some initial analyses and recommendations. Understanding the impact will allow security


WhatsApp With That: One Says Backdoor, the Other Says Feature

Industry, enSilo Corporate and Product

WhatsApp was under the limelight this week with news that they have allowed government backdoor access.


Predictions 2017: Goodbye Flash. Hello Jscript.

Industry, enSilo Corporate and Product

In 2017, we predict that as Flash phases out, JScript will take its place as the leading browser-exploitation vector.


Predictions 2017: Security Moves Down the Stack

Industry, enSilo Corporate and Product, Windows, Android, Malware

In 2017, we predict that security – the good and the bad – will be moving down the stack.

Both sides — defense vs offense — are moving down the stack. On one side: the confidentiality, integrity and availability of data, operations and processes. On the other: threat actors that are looking to steal, tamper or disrupt these. (Note that enSilo


Predictions 2017: Targeted Ransomware

Industry, enSilo Corporate and Product

In 2017, we predict that ransomware authors will target mission-critical servers and PCs - within targeted departments.

By holding these sensitive devices hostage, ransomware authors will be applying the right pressure at the right time to quickly receive the ransom. 


A Quick Debrief on Cyber Security for the Elected President

enSilo Corporate and Product


The United States is less than a week away from electing a new president. Cybersecurity has played a large part in the news leading up to the election — hacked and leaked political emails and probing of election databases — and yet there hasn’t been a lot of discussion on how to resolve the problems. As someone who has been closely following


FindADetour: The Tool that Tests for Vulnerable Microsoft's Detours

Research, enSilo Corporate and Product, FindADetour, hooking, Windows, Malware

Today’s Microsoft September Patch Tuesday includes a patch to what they had tagged as a fix for Microsoft Office. Behind the scenes, however, that fix extends beyond Microsoft Office to hundreds of applications developed by Microsoft as well as hundreds of other software vendors. Accordingly, this fix affects millions of users – from those


Intrusive Applications: 6 Security Issues to Watch Out for in Hooking

Research, enSilo Corporate and Product, Windows, hooking, Malware, code injection

For over a year our enSilo researchers have been looking into hooking engines and injection methods used by different vendors. It all started back in 2015 when we noticed an injection issue in AVG, but this was only the tip of the iceberg. A few months after that we noticed similar issues in McAfee and Kaspersky Anti-Virus. At that point we decided


Captain Hook: Pirating AVs to Bypass Exploit Mitigations

Vulnerabilities, av, Detours, hooking, vulnerability, enSilo Breaking Malware, Windows, code injection, enSilo Corporate and Product

TL;DR: We found 6(!) different common security issues that stem from incorrect implementation of code hooking and injection techniques. These issues were found in more than 15 different products. The most impactful discovery was that three different hooking engines also suffer from these kinds of problems, including the most popular commercial
