“Selfie”: A Tool to Unpack Self-Modifying Code using DynamoRIO

tools, enSilo Breaking Malware, Endpoint Protection, Malware, Windows, enSilo Corporate and Product

TL;DR: This post describes Selfie, a tool we developed that automates finding the original entry point (OEP) for most malware packed with self-modifying code. Selfie is now open source; a 32-bit build can be found here.


Vulnerability Patching: Learning from AVG on Doing it Right.

Vulnerabilities, enSilo Breaking Malware, Windows, enSilo Corporate and Product

Introduction

As part of our research we analyze the intricate relationship between anti-virus products and the operating system. In the course of that work we came across a vulnerability in AVG Internet Security 2015, build 5736 with virus database 8919, released January 13th, 2015.

The vulnerability? The affected AVG product had allocated a memory page with RWX (read, write and execute)
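A page that is writable and executable at the same time breaks the W^X rule that DEP relies on: an attacker who already has a write primitive can drop shellcode there and jump to it without first bypassing DEP. The check a practitioner would run against any endpoint product is therefore to walk the process address space and flag committed pages whose base protection is PAGE_EXECUTE_READWRITE or PAGE_EXECUTE_WRITECOPY. The script below is an added example, not enSilo's code and not taken from the AVG product; it assumes the VirtualQueryEx / MEMORY_BASIC_INFORMATION layout from the Windows SDK, and the SAMPLE_REGIONS map it falls back to off Windows is constructed for illustration, not captured from a real process.

```python
"""Find writable-and-executable (RWX) pages in a process.

Added example, not enSilo's code and not taken from the AVG product:
it shows the check a practitioner runs to spot pages mapped with
PAGE_EXECUTE_READWRITE or PAGE_EXECUTE_WRITECOPY, which break the
W^X rule and give an attacker a ready-made place to stage shellcode.
"""
import ctypes
import os
import sys

# Protection and state constants from winnt.h
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PAGE_GUARD = 0x100           # modifier bit, OR-ed on top of the base protection
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000

WX_PROTECTIONS = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}


def is_wx(protect):
    """True if the base protection (modifier bits masked off) is both writable and executable."""
    return (protect & 0xFF) in WX_PROTECTIONS


def find_wx_regions(regions):
    """Filter (base, size, state, protect) tuples down to committed RWX regions.

    Reserved regions carry no meaningful Protect value, so only MEM_COMMIT
    regions are considered.
    """
    return [(base, size, protect) for base, size, state, protect in regions
            if state == MEM_COMMIT and is_wx(protect)]


class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    # Layout of the structure filled in by VirtualQueryEx
    _fields_ = [
        ("BaseAddress", ctypes.c_void_p),
        ("AllocationBase", ctypes.c_void_p),
        ("AllocationProtect", ctypes.c_uint32),
        ("RegionSize", ctypes.c_size_t),
        ("State", ctypes.c_uint32),
        ("Protect", ctypes.c_uint32),
        ("Type", ctypes.c_uint32),
    ]


def enumerate_regions(pid):
    """Walk the address space of `pid` with VirtualQueryEx (Windows only)."""
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    kernel32.OpenProcess.restype = ctypes.c_void_p
    kernel32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    kernel32.VirtualQueryEx.restype = ctypes.c_size_t
    kernel32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                        ctypes.POINTER(MEMORY_BASIC_INFORMATION),
                                        ctypes.c_size_t]
    kernel32.CloseHandle.argtypes = [ctypes.c_void_p]
    PROCESS_QUERY_INFORMATION = 0x0400
    handle = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION, False, pid)
    if not handle:
        raise OSError(ctypes.get_last_error(), "OpenProcess failed")
    try:
        mbi = MEMORY_BASIC_INFORMATION()
        address = 0
        # VirtualQueryEx returns 0 once we walk past the end of the user address space
        while kernel32.VirtualQueryEx(handle, address, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            base = mbi.BaseAddress or 0
            yield (base, mbi.RegionSize, mbi.State, mbi.Protect)
            if mbi.RegionSize == 0:
                break
            address = base + mbi.RegionSize
    finally:
        kernel32.CloseHandle(handle)


# Constructed sample region map (not captured from a real process): a typical
# image mapping, one RWX page, one guarded RWX page, one reserved region and
# one write-copy page.
SAMPLE_REGIONS = [
    (0x00400000, 0x1000, MEM_COMMIT, 0x02),                     # PE header, read-only
    (0x00401000, 0x5000, MEM_COMMIT, PAGE_EXECUTE_READ),        # .text, W^X-compliant
    (0x10000000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),   # the kind of page at issue
    (0x20000000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE | PAGE_GUARD),
    (0x30000000, 0x1000, MEM_RESERVE, 0),                       # reserved, no protection yet
    (0x40000000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_WRITECOPY),
]


def report(regions):
    """Return one human-readable line per RWX region found."""
    return ["RWX region at 0x%016x size 0x%x protect 0x%x" % r
            for r in find_wx_regions(regions)]


if __name__ == "__main__":
    if sys.platform == "win32":
        target = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
        lines = report(enumerate_regions(target))
    else:
        lines = report(SAMPLE_REGIONS)   # off Windows: demonstrate on the constructed map
    print("\n".join(lines) or "no RWX regions")
```

Run it as `python rwx_scan.py <pid>` on Windows against a process the product has injected into; any hit is worth a second look, because a legitimate JIT or unpacker normally flips a page back to execute-only once it has written to it. Masking off the modifier bits matters: a guarded page (PAGE_GUARD) is still RWX once the guard is tripped.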


One Bit To Rule Them All: Bypassing Windows 10 Protections Using a Single Bit

Windows 10, exploit, vulnerability, enSilo Breaking Malware, Windows, enSilo Corporate and Product

Introduction

Today, Microsoft released their latest Patch Tuesday. This patch includes a fix for CVE-2015-0057, a Windows vulnerability rated Important and exploitable, which we responsibly disclosed to Microsoft a few months ago. (enSilo researchers often discover new vulnerabilities in our continuing work towards complete endpoint
