AtomBombing CFG-Protected Processes

Injection Techniques, AtomBombing, CFG, code injection, Control Flow Guard, Windows, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: We show AtomBombing modifications to enable us to inject code into CFG-protected processes.

Read More

Documenting the Undocumented: Adding CFG Exceptions

documentation, CFG, Control Flow Guard, NtSetInformationVirtualMemory, Windows, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR Microsoft’s Control Flow Guard (CFG) is a security feature that prevents the abuse of indirect calls from calling addresses that are not marked as safe. CFG can cause problems for anyone trying to execute malicious memory manipulations on Windows. In such cases, this can be bypassed by adding an exception to the CFG bitmap (a mapping of

Read More