ENSILO BLOG

ArdBot: A Malware Under Construction

Recently we came across a new sample of the ArdBot malware, appearing on kernelmode, credited to R136a1. We wrote more about ArdBot here.

Analysis of this sample showed a malware strain that is...

Sedating the Watchdog: Abusing Security Products to Bypass Mitigations

TL;DR: Design issues in various security products, such as anti-virus, make it significantly easier for threat actors to bypass exploit mitigations. As part of our ongoing goal of complete...

A Technical Breakdown of ModPOS

ModPOS is the latest in the string of POS malware that’s making the news. As its family name implies, this malware is intent on one thing: stealing credit card information.

Moker, Part 2: Capabilities

A few days ago, we published a blog entry on an advanced malware called Moker, and discussed the different challenges that Moker placed to avoid detection and anti-dissection, as part of enSilo’s...

Moker, Part 1: Dissecting a New APT Under the Microscope

Recently, we came across Moker, an advanced malware residing in a sensitive network of a customer. Since the malware did not try to access an external server, but rather tamper with the system...

Class Dismissed: 4 Use-After-Free Vulnerabilities in Windows

Introduction

Today, Microsoft released their latest Patch Tuesday. This Patch includes a fix for CVE-2015-2363, a complementary patch to CVE-2015-2360 from last month. The two CVEs together...

“Selfie”: A Tool to Unpack Self-Modifying Code using DynamoRIO

TL;DR: In this blog post we describe Selfie, a tool we have developed that automates finding the OEP for the majority of malware packed with self-modifying code. The Selfie tool is now...

Vulnerability Patching: Learning from AVG on Doing it Right.

Introduction

As part of our research, we analyze the intricate relationship between Anti-Virus and Operating Systems (OS). During this process, we came across a vulnerability in AVG Internet...

One Bit To Rule Them All: Bypassing Windows 10 Protections Using a Single Bit

Introduction

Today, Microsoft released their latest Patch Tuesday. This Patch includes a fix for vulnerability CVE-2015-0057, an IMPORTANT-rated Windows exploitable vulnerability which we...
