AtomBombing Goes Nuclear

Research, cybersecurity, enSilo Corporate and Product, AtomBombing, code injection, Windows, Malware

In late 2016, enSilo researchers shared AtomBombing with the security world. More of a proof of concept than an actual exploit, AtomBombing took advantage of Microsoft Windows' built-in atom tables, which allow specific API calls to inject code into the read-write memory space of a targeted process.

(NOTE: enSilo endpoint protection

Customer Advisory Warning: The Comeback of the Hancitor Campaign

Research, enSilo Corporate and Product, Hancitor, Malware, Windows, Fileless Malware

We are currently witnessing an active malware campaign involving the Hancitor Trojan/Pony botnet. Once installed on the victim’s machine, Hancitor prepares the groundwork for the download of further malicious modules such as ransomware or data stealing malware.

enSilo provides complete endpoint security, including blocking Hancitor/Pony

Predictions 2017: Enterprise Network Security Will Move to the Cloud

Industry, enSilo Corporate and Product, Malware

We predict that in 2017 enterprise network security will shift to the cloud and be offered as a service. (enSilo’s endpoint protection is already cloud-managed.)

Predictions 2017: Security Moves Down the Stack

Industry, enSilo Corporate and Product, Windows, Android, Malware

In 2017, we predict that security – the good and the bad – will be moving down the stack.

Both sides, defense and offense, are moving down the stack. On one side: the confidentiality, integrity and availability of data, operations and processes. On the other: threat actors looking to steal, tamper with or disrupt these. (Note that enSilo

AtomBombing: A Code Injection that Bypasses Current Security Solutions

Research, enSilo Corporate and Product, Windows, code injection, AtomBombing, Malware

Our research team has uncovered a new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. (This research is one way enSilo ensures complete endpoint protection.) Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that

AtomBombing: Brand New Code Injection for Windows

Injection Techniques, APC, AtomBombing, code injection, Research, Windows, enSilo Breaking Malware, Malware, enSilo Corporate and Product

TL;DR: Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Asynchronous Procedure Calls (APC). Currently, this technique goes undetected by common security solutions that focus on preventing infiltration.

FindADetour: The Tool that Tests for Vulnerable Microsoft Detours

Research, enSilo Corporate and Product, FindADetour, hooking, Windows, Malware

Today’s Microsoft September Patch Tuesday includes a patch that Microsoft tagged as a fix for Microsoft Office. Behind the scenes, however, that fix extends beyond Microsoft Office to hundreds of applications developed by Microsoft as well as hundreds of other software vendors. Accordingly, this fix affects millions of users – from those

Everything You Always Wanted to Know about Ransomware but Were Afraid to Ask

Industry, enSilo Corporate and Product, Ransomware, Malware, Windows

BadBlock, Cerber, Chimera, CoinVault, Crypt0L0cker, CryptoJoker, CTB-Locker, Jigsaw, KeRanger, Locky, NanoLocker, Petya, Samas, TeslaCrypt, zCrypt… these are just a few of the hundreds of ransomware families that have cropped up in the past year. Your current endpoint security solution may not be enough to protect you.

Adding UAC Bypass to the Attacker’s Tool Set

Research, enSilo Corporate and Product, Windows, UAC, Malware

Recently enSilo researchers, as part of our ongoing quest for endpoint protection, revealed a new way that attackers can bypass Microsoft’s User Access Control (UAC) mechanisms.

Intrusive Applications: 6 Security Issues to Watch Out for in Hooking

Research, enSilo Corporate and Product, Windows, hooking, Malware, code injection

For over a year our enSilo researchers have been looking into hooking engines and injection methods used by different vendors. It all started back in 2015, when we noticed an injection issue in AVG, but this was only the tip of the iceberg. A few months after that we noticed similar issues in McAfee and Kaspersky Anti-Virus. At that point we decided