TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime. And the fix for it...
SCHEDULE A DEMO TODAY!
Please fill out the form below and we will help get you setup as soon as possible.
ENSILO BLOG
You are Reading:
Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)
by
Omri Misgav, Security Researcher, enSilo on September 05, 2017 -
TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime.
TL;DR Microsoft’s Control Flow Guard (CFG) is a security feature that prevents the abuse of indirect calls from calling addresses that are not marked as safe. CFG can cause problems for anyone...
SUBSCRIBE
SANS Review
CATEGORIES
- enSilo Corporate and Product (182)
- Weekly Security News (96)
- Windows (49)
- Malware (41)
- Industry (22)
- Research (22)
- enSilo Breaking Malware (19)
- cybersecurity (16)
- Business (13)
- Ransomware (13)
- code injection (9)
- Vulnerabilities (7)
- AtomBombing (6)
- WannaCry (6)
- POS malware (5)
- RAT (5)
- NSA (4)
- exploit (4)
- APT (3)
- Endpoint Protection (3)
- Mac OS X (3)
- Moker (3)
- NotPetya (3)
- Process Doppelganging (3)
- UAC (3)
- Web Malware (3)
- documentation (3)
- hooking (3)
- vulnerability (3)
- Android (2)
- ArdBot (2)
- CFG (2)
- Control Flow Guard (2)
- Emotet Botnet (2)
- Fileless Malware (2)
- Furtim (2)
- Gartner (2)
- GlobeImposter (2)
- Injection Techniques (2)
- Windows XP (2)
- av (2)
- elevation (2)
- tools (2)
- APC (1)
- Bad Rabbit (1)
- CVS (1)
- CryFile (1)
- Detours (1)
- ESTEEMAUDIT (1)
- Equifax (1)
- FindADetour (1)
- GOZI (1)
- HIPAA (1)
- Hancitor (1)
- Linux (1)
- Lockerpin.A (1)
- MSSP (1)
- ModPOS (1)
- NtSetInformationVirtualMemory (1)
- PCI DSS (1)
- Patch (1)
- SCADA (1)
- Scarab (1)
- Unix (1)
- Verizon (1)
- Windows 10 (1)
- anti-virus (1)
- avulnerabilitychecker (1)
- bypass UAC (1)
- command injection (1)
- environment variable (1)
- excel-scriptlet (1)
- hospitality (1)
- media (1)
- meltdown (1)
- path redirect (1)
- spectre (1)
- variable expansion (1)
- variables (1)
FEATURED ARTICLES
FOLLOW US
tag cloud
- enSilo Corporate and Product (182)
- Weekly Security News (96)
- Windows (49)
- Malware (41)
- Industry (22)
- Research (22)
- enSilo Breaking Malware (19)
- cybersecurity (16)
- Business (13)
- Ransomware (13)
- code injection (9)
- Vulnerabilities (7)
- AtomBombing (6)
- WannaCry (6)
- POS malware (5)
- RAT (5)
- NSA (4)
- exploit (4)
- APT (3)
- Endpoint Protection (3)
- Mac OS X (3)
- Moker (3)