ENSILO BLOG

You are Reading:  

Turning (Page) Tables: Bypassing Kernel Mitigations to Successfully Escalate Privileges

On August 8th, at the BSides Conference in Las Vegas, we unveiled a new exploitation technique against the Microsoft Windows operating system. It's a general technique to leverage with kernel...

Read More

GlobeImposter Ransomware

GlobeImposter Ransomware

Read More

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 2)

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime. And the fix for it...

Read More

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime.

Read More

Command Injection/Elevation – Environment Variables Revisited

Windows environment variables can be used to run commands and can also be used to bypass UAC, allowing an attacker with limited privileges to take complete control of the system. This code...

Read More

AtomBombing CFG-Protected Processes

TL;DR: We show AtomBombing modifications to enable us to inject code into CFG-protected processes.

Read More

AtomBombing: Brand New Code Injection for Windows

TL;DR Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). Currently, this technique goes undetected by common security...

Read More

Elastic Boundaries – Elevating privileges by environment variables expansion

Even though any process is provided with variables from its environment, they are often overlooked by users, developers and sometimes even the OS itself.

Read More

Captain Hook: Pirating AVs to Bypass Exploit Mitigations

TL;DR: We found 6(!) different common security issues that stem from incorrect implementation of code hooking and injection techniques. These issues were found in more than 15 different products....

Read More

Documenting the Undocumented: Adding CFG Exceptions

TL;DR Microsoft’s Control Flow Guard (CFG) is a security feature that prevents the abuse of indirect calls from calling addresses that are not marked as safe. CFG can cause problems for anyone...

Read More

SANS review of ensilo

CATEGORIES

FEATURED ARTICLES

tag cloud