TL;DR: In this blog post we describe Selfie, a tool we have developed that automates finding the OEP for a majority of malwares packed with self-modifying code. The Selfie tool is now open-sourced, compiled to 32-bit, and can be found here.
As part of our research, we analyze the intricate relationship between Anti-Virus and Operating Systems (OS). During this process, we came across a vulnerability in AVG Internet Security 2015 build 5736 + Virus database 8919 released January 13th 2015.
The vulnerability? The affected AVG product had allocated a memory page with RWX
Today, Microsoft released their latest Patch Tuesday. This Patch includes a fix for vulnerability CVE-2015-0057, an IMPORTANT-rated Windows exploitable vulnerability which we responsibly disclosed to Microsoft a few months ago. (enSilo researchers often discover new vulnerabilities in out continuing work towards complete endpoint