GlobeImposter Ransomware
SCHEDULE A DEMO TODAY!
Please fill out the form below and we will help get you setup as soon as possible.
ENSILO BLOG
You are Reading:
Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 2)
by
Omri Misgav, Security Researcher, enSilo on September 11, 2017 -
TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime. And the fix for it...
Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)
by
Omri Misgav, Security Researcher, enSilo on September 05, 2017 -
TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime.
Windows environment variables can be used to run commands and can also be used to bypass UAC, allowing an attacker with limited privileges to take complete control of the system. This code...
TL;DR: We show AtomBombing modifications to enable us to inject code into CFG-protected processes.
TL;DR Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). Currently, this technique goes undetected by common security...
Even though any process is provided with variables from its environment, they are often overlooked by users, developers and sometimes even the OS itself.
TL;DR: We found 6(!) different common security issues that stem from incorrect implementation of code hooking and injection techniques. These issues were found in more than 15 different products....
TL;DR Microsoft’s Control Flow Guard (CFG) is a security feature that prevents the abuse of indirect calls from calling addresses that are not marked as safe. CFG can cause problems for anyone...
Analyzing Furtim: Malware that Avoids Mass-Infection
by
Yotam Gottesman, Security Researcher, enSilo on May 16, 2016 -
Overview
Recently we came across a new malware strain, first discovered by @hFireF0X, and at point of discovery, it was not detected by any of the 56 anti-virus programs tested by VirusTotal...
SUBSCRIBE
SANS Review
CATEGORIES
- enSilo Corporate and Product (185)
- Weekly Security News (96)
- Windows (49)
- Malware (41)
- Industry (22)
- Research (22)
- enSilo Breaking Malware (19)
- cybersecurity (16)
- Business (13)
- Ransomware (13)
- code injection (9)
- Vulnerabilities (7)
- AtomBombing (6)
- WannaCry (6)
- POS malware (5)
- RAT (5)
- NSA (4)
- exploit (4)
- APT (3)
- Endpoint Protection (3)
- Mac OS X (3)
- Moker (3)
- NotPetya (3)
- Process Doppelganging (3)
- UAC (3)
- Web Malware (3)
- documentation (3)
- hooking (3)
- vulnerability (3)
- Android (2)
- ArdBot (2)
- CFG (2)
- Control Flow Guard (2)
- Emotet Botnet (2)
- Fileless Malware (2)
- Furtim (2)
- Gartner (2)
- GlobeImposter (2)
- Injection Techniques (2)
- Windows XP (2)
- av (2)
- elevation (2)
- tools (2)
- APC (1)
- Bad Rabbit (1)
- CVS (1)
- CryFile (1)
- Detours (1)
- ESTEEMAUDIT (1)
- Equifax (1)
- FindADetour (1)
- GOZI (1)
- HIPAA (1)
- Hancitor (1)
- Linux (1)
- Lockerpin.A (1)
- MSSP (1)
- ModPOS (1)
- NtSetInformationVirtualMemory (1)
- PCI DSS (1)
- Patch (1)
- SCADA (1)
- Scarab (1)
- Unix (1)
- Verizon (1)
- Windows 10 (1)
- anti-virus (1)
- avulnerabilitychecker (1)
- bypass UAC (1)
- command injection (1)
- environment variable (1)
- excel-scriptlet (1)
- hospitality (1)
- media (1)
- meltdown (1)
- path redirect (1)
- spectre (1)
- variable expansion (1)
- variables (1)
FEATURED ARTICLES
enSilo Protects: Point of Sale (POS)
May 16, 2018 -
ensilo blocks SYNACK RANSOMWARE
May 11, 2018 -
Ctrl-Inject
May 08, 2018 -
FOLLOW US
tag cloud
- enSilo Corporate and Product (185)
- Weekly Security News (96)
- Windows (49)
- Malware (41)
- Industry (22)
- Research (22)
- enSilo Breaking Malware (19)
- cybersecurity (16)
- Business (13)
- Ransomware (13)
- code injection (9)
- Vulnerabilities (7)
- AtomBombing (6)
- WannaCry (6)
- POS malware (5)
- RAT (5)
- NSA (4)
- exploit (4)
- APT (3)
- Endpoint Protection (3)
- Mac OS X (3)
- Moker (3)