A Technical Breakdown of ModPOS

Web Malware, Malware, ModPOS, POS malware, enSilo Breaking Malware, Windows, Windows XP, enSilo Corporate and Product

ModPOS is the latest in the string of POS malware that’s making the news. As its family name implies, this malware is intent on one thing: stealing credit card information.

Moker, Part 2: Capabilities

Web Malware, Malware, APT, Moker, RAT, enSilo Breaking Malware, Windows, enSilo Corporate and Product

A few days ago, we published a blog entry on an advanced malware called Moker, and discussed the different obstacles Moker puts in place to avoid detection and resist dissection, as part of enSilo’s continuing improvement of our endpoint security software.

Now that we have the stripped down malware sample, it’s time to analyze the actual malware.

Moker: A new APT discovered within a sensitive network

Research, enSilo Corporate and Product, APT, RAT, Windows, Malware, Moker

Recently, enSilo found an Advanced Persistent Threat (APT) residing in a sensitive network of a customer. This APT appears to be a Remote Access Trojan (RAT) that is capable of taking complete control of the victim’s computer. To date, this APT is unknown and does not appear in VirusTotal. Moker was the file description that the malware author

Moker, Part 1: Dissecting a New APT Under the Microscope

Web Malware, Malware, APT, Moker, RAT, enSilo Breaking Malware, Windows, enSilo Corporate and Product

Recently, we came across Moker, an advanced malware residing in a sensitive network of a customer. Since the malware did not try to access an external server, but rather tampered with the system’s inner workings, we decided to give this malware a second look. (This kind of work is part of developing complete endpoint security software.)

Class Dismissed: 4 Use-After-Free Vulnerabilities in Windows

Vulnerabilities, Windows, vulnerability, exploit, enSilo Breaking Malware, enSilo Corporate and Product

Introduction

Today, Microsoft released their latest Patch Tuesday. This Patch includes a fix for CVE-2015-2363, a complementary patch to CVE-2015-2360 from last month. Together, the two CVEs cover IMPORTANT-rated exploitable vulnerabilities which we responsibly disclosed to Microsoft.

“Selfie”: A Tool to Unpack Self-Modifying Code using DynamoRIO

tools, enSilo Breaking Malware, Endpoint Protection, Malware, Windows, enSilo Corporate and Product

TL;DR: In this blog post we describe Selfie, a tool we have developed that automates finding the OEP for the majority of malware samples packed with self-modifying code. The Selfie tool is now open-sourced, compiled to 32-bit, and can be found here.

NanoCore RAT: It’s Not 100% Original

Research, enSilo Corporate and Product, Malware, Windows, RAT

A few days ago, a cracked full-version of the NanoCore Remote Access Trojan (RAT) tool was leaked.

With scarce existing documentation of NanoCore, we decided to investigate NanoCore’s core set of features and techniques ourselves. (We do this as part of enSilo’s development of the best endpoint security software.) What we found was that although

Vulnerability Patching: Learning from AVG on Doing it Right.

Vulnerabilities, enSilo Breaking Malware, Windows, enSilo Corporate and Product

Introduction

As part of our research, we analyze the intricate relationship between Anti-Virus products and Operating Systems (OS). During this process, we came across a vulnerability in AVG Internet Security 2015 build 5736 + Virus database 8919, released on January 13th, 2015.

The vulnerability? The affected AVG product had allocated a memory page with RWX

CVE-2015-0057: The 1-Bit that will Bring Windows Down

Research, enSilo Corporate and Product, Windows, exploit

enSilo’s research team has identified an exploitable privilege escalation vulnerability which enables a threat actor to run code of their choosing in the Windows kernel. (enSilo really, really knows endpoint security!)

The vulnerability was patched today as part of Microsoft’s Patch Tuesday. The vulnerability, CVE-2015-0057, is rated as

One Bit To Rule Them All: Bypassing Windows 10 Protections Using a Single Bit

Windows 10, exploit, vulnerability, enSilo Breaking Malware, Windows, enSilo Corporate and Product

Introduction

Today, Microsoft released their latest Patch Tuesday. This Patch includes a fix for vulnerability CVE-2015-0057, an IMPORTANT-rated Windows exploitable vulnerability which we responsibly disclosed to Microsoft a few months ago. (enSilo researchers often discover new vulnerabilities in our continuing work towards complete endpoint
