Captain Hook: Pirating AVs to Bypass Exploit Mitigations

Vulnerabilities, av, Detours, hooking, vulnerability, enSilo Breaking Malware, Windows, code injection, enSilo Corporate and Product

TL;DR: We found 6(!) different common security issues that stem from incorrect implementation of code hooking and injection techniques. These issues were found in more than 15 different products. The most impactful discovery was that three different hooking engines also suffer from these kinds of problems, including the most popular commercial


Sedating the Watchdog: Abusing Security Products to Bypass Mitigations

tools, Vulnerabilities, anti-virus, av, avulnerabilitychecker, Windows, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: Design issues in various security products, such as anti-virus, make it significantly easier for threat actors to bypass exploit mitigations. As part of our ongoing goal of complete endpoint security, we found a prevalent flaw where anti-virus products allocate memory with RWX permissions at a predictable address.
