Sedating the Watchdog: Abusing Security Products to Bypass Mitigations

tools, Vulnerabilities, anti-virus, av, avulnerabilitychecker, Windows, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: Design issues in various security products, such as anti-virus, make it significantly easier for threat actors to bypass exploit mitigations. As part of our ongoing goal of complete endpoint security, we found a prevalent flaw where anti-virus products allocate memory with RWX permissions at a predictable address.

Read More

“Selfie”: A Tool to Unpack Self-Modifying Code using DynamoRIO

tools, enSilo Breaking Malware, Endpoint Protection, Malware, Windows, enSilo Corporate and Product

TL;DR: In this blog post we describe Selfie, a tool we have developed that automates finding the OEP for a majority of malwares packed with self-modifying code. The Selfie tool is now open-sourced, compiled to 32-bit, and can be found here.

Read More