Enter The DarkGate: New Cryptocurrency Mining and Ransomware Campaign

enSilo Breaking Malware

An active and stealthy cryptocurrency mining and ransomware campaign infecting targets in Spain and France

Melting Down PatchGuard: Leveraging KPTI to Bypass Kernel Patch Protection

enSilo Breaking Malware, cybersecurity, Windows, meltdown, KPTI, PatchGuard

The mitigation for Meltdown created a new part in the kernel which PatchGuard left unprotected, making

Turning (Page) Tables: Bypassing Kernel Mitigations to Successfully Escalate Privileges

enSilo Breaking Malware, cybersecurity, enSilo Corporate and Product

On August 8th, at the BSides Conference in Las Vegas, we unveiled a new exploitation technique against the

GlobeImposter Ransomware

enSilo Breaking Malware, GlobeImposter, Ransomware, enSilo Corporate and Product

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 2)

documentation, enSilo Breaking Malware, Windows, enSilo Corporate and Product

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)

documentation, enSilo Breaking Malware, Windows, enSilo Corporate and Product

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could

Command Injection/Elevation – Environment Variables Revisited

Vulnerabilities, command injection, elevation, variables, enSilo Breaking Malware, UAC, Windows, code injection, enSilo Corporate and Product

Windows environment variables can be used to run commands and can also be used to bypass UAC, allowing an

AtomBombing CFG-Protected Processes

Injection Techniques, AtomBombing, CFG, code injection, Control Flow Guard, Windows, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: We show AtomBombing modifications to enable us to inject code into CFG-protected processes.

AtomBombing: Brand New Code Injection for Windows

Injection Techniques, APC, AtomBombing, code injection, Research, Windows, enSilo Breaking Malware, Malware, enSilo Corporate and Product

TL;DR Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async

Elastic Boundaries – Elevating privileges by environment variables expansion

Vulnerabilities, bypass UAC, elevation, environment variable, path redirect, variable expansion, enSilo Breaking Malware, UAC, Windows, code injection, enSilo Corporate and Product

Even though any process is provided with variables from its environment, they are often overlooked by
