Adding UAC Bypass to the Attacker’s Tool Set

Research, enSilo Corporate and Product, Windows, UAC, Malware

Recently, enSilo researchers, as part of our ongoing endpoint-protection research, revealed a new way for attackers to bypass Microsoft's User Account Control (UAC) mechanism.

Intrusive Applications: 6 Security Issues to Watch Out for in Hooking

Research, enSilo Corporate and Product, Windows, hooking, Malware, code injection

For over a year our enSilo researchers have been looking into the hooking engines and injection methods used by different vendors. It all started back in 2015 when we noticed an injection issue in AVG, but this was only the tip of the iceberg. A few months after that we noticed similar issues in McAfee and Kaspersky Anti-Virus. At that point we decided

Furtim: The Ultra-Cautious Malware

Research, enSilo Corporate and Product, Furtim, Malware, Windows

Furtim is the latest stealthy malware found in the wild; its discovery is credited to @hFireF0X. (We wrote more about the Furtim malware here.)

Clearly, Furtim's developers were more interested in keeping their malware hidden from the prying eyes of security products than in hitting more targets. With stealth a key component, we code-named this downloader

ArdBot: An Inside Look into Malware in the Making

Research, enSilo Corporate and Product, ArdBot, Windows

Credit to R136a1, who published malware samples on a forum a few days ago; we found these samples to be still under development. We quickly analyzed one, which gave us a unique view into malware at such an early stage of development.

You’re so predictable: the AV vulnerability that bypasses mitigations

Research, enSilo Corporate and Product, Industry, Windows, Malware

Our research team exposed a critical security vulnerability appearing in various Anti-Virus (AV) products which has the potential to turn the Anti-Virus into an attack-enabling tool. This issue is not necessarily constrained to security solutions, but potentially applies to any intrusive application such as data leak prevention (DLP) and performance

Moker: A new APT discovered within a sensitive network

Research, enSilo Corporate and Product, APT, RAT, Windows, Malware, Moker

Recently, enSilo found an Advanced Persistent Threat (APT) residing in a sensitive network of a customer. This APT appears to be a Remote Access Trojan (RAT) capable of taking complete control of the victim's computer. To date, this APT has not been documented and does not appear in VirusTotal. Moker was the file description that the malware author

The Top 10 BlackHat 2015 Talks for the Security Researcher

Research, enSilo Corporate and Product

BlackHat talks come in all shapes and sizes, from the philosophical keynotes and high-level overviews to the ultra-techie. Narrowing down the list of talks isn't easy, so I chose mine based on their technical flair. If you're more of the techie sort, I hope this list helps you out as well. The only thing to note is that some unfortunately overlap, so

MS Patch Tuesday: A Look into 4 Vulnerabilities in the Windows Kernel

Research, enSilo Corporate and Product

Today's Microsoft Patch Tuesday includes a patch for CVE-2015-2363, an exploitable privilege-escalation vulnerability rated Important, which we responsibly disclosed to Microsoft. CVE-2015-2363 is a nearly 20-year-old vulnerability, present in most Windows systems from Windows NT 4.0 up to Windows 8.

MS June Patch Tuesday: Double Trouble in the Microsoft Kernel

Research, enSilo Corporate and Product

Today is the Microsoft June Patch Tuesday. In particular, the release patches two exploitable kernel vulnerabilities that enSilo researchers reported to Microsoft less than two weeks ago. Both vulnerabilities were filed together under CVE-2015-2360, rated Important. These two vulnerabilities date back to the old – yet already

NanoCore RAT: It’s Not 100% Original

Research, enSilo Corporate and Product, Malware, Windows, RAT

A few days ago, a cracked full version of the NanoCore Remote Access Trojan (RAT) tool was leaked.

With scarce existing documentation of NanoCore, we decided to investigate NanoCore's core set of features and techniques ourselves. (We do this as part of enSilo's development of the best endpoint security software.) What we found was that although