On August 8th, at the BSides Conference in Las Vegas, we unveiled a new exploitation technique against the
enSilo Breaking Malware, enSilo Corporate and Product, Ransomware, GlobeImposter
GlobeImposter Ransomware
Windows, documentation, enSilo Breaking Malware, enSilo Corporate and Product
TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could
Windows, documentation, enSilo Breaking Malware, enSilo Corporate and Product
TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could
Vulnerabilities, Windows, code injection, elevation, command injection, UAC, variables, enSilo Breaking Malware, enSilo Corporate and Product
Windows environment variables can be used to run commands and can also be used to bypass UAC, allowing an
Windows, Injection Techniques, code injection, AtomBombing, CFG, Control Flow Guard, enSilo Breaking Malware, enSilo Corporate and Product
TL;DR: We show AtomBombing modifications to enable us to inject code into CFG-protected processes.
Research, Windows, Injection Techniques, Malware, code injection, AtomBombing, APC, enSilo Breaking Malware, enSilo Corporate and Product
TL;DR Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and
Vulnerabilities, Windows, code injection, bypass UAC, elevation, environment variable, path redirect, UAC, variable expansion, enSilo Breaking Malware, enSilo Corporate and Product
Even though any process is provided with variables from its environment, they are often overlooked by
av, Vulnerabilities, Windows, code injection, vulnerability, Detours, hooking, enSilo Breaking Malware, enSilo Corporate and Product
TL;DR: We found 6(!) different common security issues that stem from incorrect implementation of code
Windows, documentation, CFG, Control Flow Guard, NtSetInformationVirtualMemory, enSilo Breaking Malware, enSilo Corporate and Product
TL;DR Microsoft’s Control Flow Guard (CFG) is a security feature that prevents the abuse of indirect calls
Tags
- enSilo Corporate and Product (211)
- Weekly Security News (96)
- Windows (49)
- Malware (41)
- cybersecurity (23)
- Industry (22)
- Research (22)
- enSilo Breaking Malware (20)
- Business (13)
- Ransomware (13)
- code injection (9)
- Vulnerabilities (7)
- AtomBombing (6)
- WannaCry (6)
- POS malware (5)
- RAT (5)
- NSA (4)
- exploit (4)
- APT (3)
- Endpoint Protection (3)
- Mac OS X (3)
- Moker (3)
- NotPetya (3)
- Process Doppelganging (3)
- UAC (3)
- Web Malware (3)
- documentation (3)
- hooking (3)
- vulnerability (3)
- Android (2)
- ArdBot (2)
- CFG (2)
- Control Flow Guard (2)
- Emotet Botnet (2)
- Fileless Malware (2)
- Furtim (2)
- Gartner (2)
- GlobeImposter (2)
- Injection Techniques (2)
- Windows XP (2)
- av (2)
- elevation (2)
- tools (2)
- APC (1)
- Bad Rabbit (1)
- CVS (1)
- CryFile (1)
- Detours (1)
- ESTEEMAUDIT (1)
- Equifax (1)
- FindADetour (1)
- GOZI (1)
- HIPAA (1)
- Hancitor (1)
- Linux (1)
- Lockerpin.A (1)
- MSSP (1)
- ModPOS (1)
- NtSetInformationVirtualMemory (1)
- PCI DSS (1)
- Patch (1)
- SCADA (1)
- Scarab (1)
- Unix (1)
- Verizon (1)
- Windows 10 (1)
- anti-virus (1)
- avulnerabilitychecker (1)
- bypass UAC (1)
- command injection (1)
- environment variable (1)
- excel-scriptlet (1)
- hospitality (1)
- media (1)
- meltdown (1)
- path redirect (1)
- spectre (1)
- variable expansion (1)
- variables (1)
Subscribe
Subscribe to enSilo's Blog
and Stay on Top of the
Latest Security Research
and Industry News