ENSILO BLOG

WannaCry Jr. : The Little Ransom That Couldn't

Earlier today, we caught a new in-the-wild version of what seemed to be WannaCry. A check with VirusTotal showed that this sample hasn't been seen before. After a brief investigation, we can...

The NotPetya ‘Not’ Killswitch

In the past few days a new Petya-like ransomware, dubbed NotPetya, infected machines across the world by leveraging some of the NSA’s exploits for the SMB protocol (EternalBlue, EternalRomance),...

ShadowGroup Reveals All? Initial Analysis of the Equation Group Dump

On Good Friday, April 14, The Shadow Brokers released to the public a bunch of powerful Windows exploits, tools and exploit kits used by The Equation Group – the group supposedly behind the NSA.

Open Door: Unix Open Source Vulnerabilities Affect Mac OS X

Today, Apple’s MacOS X 10.12.4 update includes security fixes for several open source vulnerabilities. The update includes a vulnerability fix that enSilo’s researcher, Omer Medan, disclosed to...

AtomBombing Goes Nuclear

In late 2016, enSilo researchers shared AtomBombing with the security world. More of a “proof of concept” than an actual exploit, AtomBombing took advantage of Microsoft Windows built-in atom...

Customer Advisory Warning: The Comeback of the Hancitor Campaign

We are currently witnessing an active malware campaign involving the Hancitor Trojan/Pony botnet. Once installed on the victim’s machine, Hancitor prepares the groundwork for the download of...

After the (Atom)Bombing

In late October enSilo researchers discovered a new code injection technique that leveraged atom tables – an underlying component of the Windows Operating System.

While code injection isn’t new,...

AtomBombing: A Code Injection that Bypasses Current Security Solutions

Our research team has uncovered a new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. (This research is one way enSilo ensures complete...

AtomBombing: Brand New Code Injection for Windows

TL;DR Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). Currently, this technique goes undetected by common security...

FindADetour: The Tool that Tests for Vulnerable Microsoft Detours

Today’s Microsoft September Patch Tuesday includes a patch to what they had tagged as a fix for Microsoft Office. Behind the scenes, however, that fix extends beyond Microsoft Office to hundreds...
