enSilo Unveils "Turning Tables" Exploitation Technique at BSides Las Vegas
Research shows technique for bypassing kernel defenses in Microsoft Windows and other modern operating systems
LAS VEGAS, Aug. 8, 2018 /PRNewswire/ -- enSilo, the company that protects endpoints pre- and post-infection, stops data breaches in real time and automatically orchestrates incident investigation and response, today reveals the discovery of a high-profile cyber attack technique dubbed "Turning Tables." In a presentation at BSides Las Vegas, enSilo will demonstrate how attackers can use this technique to bypass all current Windows kernel mitigations, including VBS based mitigations, by manipulating page-tables.
In their presentation "Turning (Page) Tables: Bypassing Advanced Kernel Mitigations Using Page Table Manipulations," enSilo security research team leader Omri Misgav and Udi Yavo, enSilo Co-Founder and CTO, will detail how an attacker can subvert popular operating systems' latest, built-in kernel security safeguards by carefully manipulating page tables, the data structures operating systems use to map virtual memory addresses to physical memory addresses.
Misgav and Yavo will present this talk at 6:00 p.m. Pacific Time on Wednesday, August 8 during BSides Las Vegas at the Tuscany Suites and Casino.
The "Turning Tables" exploitation technique is not limited to Microsoft Windows and can also be leveraged against other operating systems. In recent years, Microsoft and other vendors have hardened their software with a host of embedded security features designed to safeguard the kernel - including page table randomization, Kernel Control-Flow-Guard and VBS protections such as Kernel-Mode Code Integrity (KMCI). However, the Turning Tables exploitation technique enSilo discovered renders these defense mechanisms ineffective, giving attackers a new entry point to escalate privileges and upend entire stacks of layered security products premised on operating systems' integrity.
"enSilo has a proud history of providing research to benefit the broader security community by identifying novel attacks and inventing defenses - our team is honored to continue this work at BSides this year," Yavo explained. "While Microsoft continues to strengthen Windows kernel security and improve its mitigations, our research again proves that adversaries can devise novel methods to achieve SYSTEM-level privileges. By bringing knowledge of these techniques to the forefront, organizations can better defend against criminals who attack under the radar and give new life to older, known malware families that the cybercrime economy relies on for ransomware, botnets, DDoS attacks and data harvesting."
The enSilo Endpoint Security Platform protects customers from potential exploits employing the Turning Tables technique by blocking suspect processes attempting to abuse operating systems. Earning a "Recommended" rating from NSS Labs' rigorous, independent tests and praise from reviewers at SC Media, CSO, AV-TEST, SANS and elsewhere, the enSilo platform automates and orchestrates detection, prevention and real-time response against advanced malware and ransomware without burdening cybersecurity staff. enSilo uniquely integrates next generation antivirus (NGAV) with application communication control, automated endpoint detection and response (EDR) and real-time blocking, threat hunting, incident response and virtual patching capabilities in a single lightweight agent.
Meet with enSilo in Las Vegas, August 6-9 during BSides and Black Hat USA
enSilo experts will be meeting with customers, partners and other attendees at BSides Las Vegas and Black Hat USA to discuss the company's threat research and endpoint security strategies.
- Click here for information on joining BSides Las Vegas (Aug. 7-8) to watch enSilo's Turning Tables presentation.
- Visit enSilo at booth #1344 during Black Hat (Aug. 4-9) in the Mandalay Bay Convention Center to interview experts and watch demos of enSilo's platform.
About enSilo
enSilo comprehensively secures the endpoint pre- and post-infection. enSilo automates and orchestrates detection, prevention and automated real-time response against advanced malware and ransomware without burdening cybersecurity staff. enSilo's single lightweight agent includes next generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response and virtual patching capabilities. Coupled with a patented approach that has full system visibility, enSilo's endpoint security solution stops modern malware with a high degree of precision and intuitive user interface. Cybersecurity staff with enSilo can effectively manage malware threats without alert fatigue, excessive dwell time or breach anxiety. enSilo's cloud management platform is flexible and extensible to meet operational needs that stop malware impact. For more information please visit www.ensilo.com.
SOURCE enSilo