Captain Hook: Pirating AVs to Bypass Exploit Mitigations

Vulnerabilities, av, Detours, hooking, vulnerability, enSilo Breaking Malware, Windows, code injection, enSilo Corporate and Product

TL;DR: We found 6(!) different common security issues that stem from incorrect implementation of code

Documenting the Undocumented: Adding CFG Exceptions

documentation, CFG, Control Flow Guard, NtSetInformationVirtualMemory, Windows, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: Microsoft’s Control Flow Guard (CFG) is a security feature that prevents the abuse of indirect calls

Analyzing Furtim: Malware that Avoids Mass-Infection

Malware, Furtim, enSilo Breaking Malware, Windows, enSilo Corporate and Product

Overview

Recently we came across a new malware strain, first discovered by @hFireF0X, and at point of

ArdBot: A Malware Under Construction

Malware, ArdBot, enSilo Breaking Malware, Windows, enSilo Corporate and Product

Recently we came across a new sample of the ArdBot malware, appearing on kernelmode, credited to R136a1.

Sedating the Watchdog: Abusing Security Products to Bypass Mitigations

tools, Vulnerabilities, anti-virus, av, avulnerabilitychecker, Windows, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: Design issues in various security products, such as anti-virus, make it significantly easier for

A Technical Breakdown of ModPOS

Web Malware, Malware, ModPOS, POS malware, enSilo Breaking Malware, Windows, Windows XP, enSilo Corporate and Product

ModPOS is the latest in the string of POS malware that’s making the news. As its family name implies, this

Moker, Part 2: Capabilities

Web Malware, Malware, APT, Moker, RAT, enSilo Breaking Malware, Windows, enSilo Corporate and Product

A few days ago, we published a blog entry on an advanced malware called Moker, and discussed the different

Moker, Part 1: Dissecting a New APT Under the Microscope

Web Malware, Malware, APT, Moker, RAT, enSilo Breaking Malware, Windows, enSilo Corporate and Product

Recently, we came across Moker, an advanced malware residing in a sensitive network of a customer. Since

Class Dismissed: 4 Use-After-Free Vulnerabilities in Windows

Vulnerabilities, Windows, vulnerability, exploit, enSilo Breaking Malware, enSilo Corporate and Product

Introduction

Today, Microsoft released their latest Patch Tuesday. This patch includes a fix for

“Selfie”: A Tool to Unpack Self-Modifying Code using DynamoRIO

tools, enSilo Breaking Malware, Endpoint Protection, Malware, Windows, enSilo Corporate and Product

TL;DR: In this blog post we describe Selfie, a tool we have developed that automates finding the OEP for a
