Turning (Page) Tables: Bypassing Kernel Mitigations to Successfully Escalate Privileges

cybersecurity, enSilo Breaking Malware, enSilo Corporate and Product

On August 8th, at the BSides Conference in Las Vegas, we unveiled a new exploitation technique against the

GlobeImposter Ransomware

enSilo Breaking Malware, enSilo Corporate and Product, Ransomware, GlobeImposter

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 2)

Windows, documentation, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)

Windows, documentation, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could

Command Injection/Elevation – Environment Variables Revisited

Vulnerabilities, Windows, code injection, elevation, command injection, UAC, variables, enSilo Breaking Malware, enSilo Corporate and Product

Windows environment variables can be used to run commands and can also be used to bypass UAC, allowing an

AtomBombing CFG-Protected Processes

Windows, Injection Techniques, code injection, AtomBombing, CFG, Control Flow Guard, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: We show AtomBombing modifications to enable us to inject code into CFG-protected processes.

AtomBombing: Brand New Code Injection for Windows

Research, Windows, Injection Techniques, Malware, code injection, AtomBombing, APC, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and

Elastic Boundaries – Elevating privileges by environment variables expansion

Vulnerabilities, Windows, code injection, bypass UAC, elevation, environment variable, path redirect, UAC, variable expansion, enSilo Breaking Malware, enSilo Corporate and Product

Even though any process is provided with variables from its environment, they are often overlooked by

Captain Hook: Pirating AVs to Bypass Exploit Mitigations

av, Vulnerabilities, Windows, code injection, vulnerability, Detours, hooking, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: We found 6(!) different common security issues that stem from incorrect implementation of code

Documenting the Undocumented: Adding CFG Exceptions

Windows, documentation, CFG, Control Flow Guard, NtSetInformationVirtualMemory, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: Microsoft’s Control Flow Guard (CFG) is a security feature that prevents the abuse of indirect calls