Cybersecurity Predictions 2018

cybersecurity, Malware, AtomBombing, enSilo Corporate and Product, WannaCry, Process Doppelganging

This year is coming to an end. Media headlines constantly reported massive attacks and breaches. We expect nothing less in 2018.

Microsoft’s Response to AtomBombing is Post-Infection Detection

Weekly Security News, Windows, Malware, code injection, AtomBombing, enSilo Corporate and Product

In March 2017, Microsoft (known for fixing vulnerabilities in its software products once a month on “Patch Tuesday”) addressed post-infection detection, investigation, and response with its Windows Defender Advanced Threat Protection (ATP). Microsoft is a company that continues to evolve its products and services, and is now

AtomBombing Goes Nuclear

Research, cybersecurity, Windows, Malware, code injection, AtomBombing, enSilo Corporate and Product

In late 2016, enSilo researchers shared AtomBombing with the security world. More of a “proof of concept” than an actual exploit, AtomBombing took advantage of Microsoft Windows' built-in atom tables, which would allow specific API calls to inject code into the read-write memory space of a targeted process.

(NOTE: enSilo endpoint protection

AtomBombing CFG-Protected Processes

Windows, Injection Techniques, code injection, AtomBombing, CFG, Control Flow Guard, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: We show AtomBombing modifications to enable us to inject code into CFG-protected processes.

AtomBombing: A Code Injection that Bypasses Current Security Solutions

Research, Windows, Malware, code injection, AtomBombing, enSilo Corporate and Product

Our research team has uncovered a new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. (This research is one way enSilo ensures complete endpoint protection.) Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that

AtomBombing: Brand New Code Injection for Windows

Research, Windows, Injection Techniques, Malware, code injection, AtomBombing, APC, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). Currently, this technique goes undetected by common security solutions that focus on preventing infiltration.
