Yotam Gottesman, Security Researcher, enSilo

Unpacking junkie. A knack for reverse engineering only to re-engineer later. Ping me.

Command Injection/Elevation – Environment Variables Revisited

Vulnerabilities, command injection, elevation, variables, enSilo Breaking Malware, UAC, Windows, code injection, enSilo Corporate and Product

Windows environment variables can be used to run commands and can also be used to bypass UAC, allowing an

Adding UAC Bypass to the Attacker’s Tool Set

Research, enSilo Corporate and Product, Windows, UAC, Malware

Recently enSilo researchers, as part of our ongoing quest for endpoint protection, revealed a new way that

Elastic Boundaries – Elevating privileges by environment variables expansion

Vulnerabilities, bypass UAC, elevation, environment variable, path redirect, variable expansion, enSilo Breaking Malware, UAC, Windows, code injection, enSilo Corporate and Product

Even though any process is provided with variables from its environment, they are often overlooked by

Furtim: The Ultra-Cautious Malware

Research, enSilo Corporate and Product, Furtim, Malware, Windows

Furtim is the latest stealthy malware, found in the wild, and its discovery is credited to @hFireF0X. (We

Analyzing Furtim: Malware that Avoids Mass-Infection

Malware, Furtim, enSilo Breaking Malware, Windows, enSilo Corporate and Product

Overview

Recently we came across a new malware strain, first discovered by @hFireF0X, and at point of

ArdBot: An Inside Look into Malware in the Making

Research, enSilo Corporate and Product, ArdBot, Windows

Crediting R136a1 who published malware samples a few days ago on a forum, we found these samples under

ArdBot: A Malware Under Construction

Malware, ArdBot, enSilo Breaking Malware, Windows, enSilo Corporate and Product

Recently we came across a new sample of the ArdBot malware, appearing on kernelmode, credited to R136a1.

A Technical Breakdown of ModPOS

Web Malware, Malware, ModPOS, POS malware, enSilo Breaking Malware, Windows, Windows XP, enSilo Corporate and Product

ModPOS is the latest in the string of POS malware that’s making the news. As its family name implies, this

Moker, Part 2: Capabilities

Web Malware, Malware, APT, Moker, RAT, enSilo Breaking Malware, Windows, enSilo Corporate and Product

A few days ago, we published a blog entry on an advanced malware called Moker, and discussed the different

Moker: A new APT discovered within a sensitive network

Research, enSilo Corporate and Product, APT, RAT, Windows, Malware, Moker

Recently, enSilo found an Advanced Persistent Threat (APT) residing in a sensitive network of a customer.
