TMCnet News
enSilo Unveils "Turning Tables" Exploitation Technique at BSides Las VegasLAS VEGAS, Aug. 8, 2018 /PRNewswire/ -- enSilo, the company that protects endpoints pre- and post-infection, stops data breaches in real time and automatically orchestrates incident investigation and response, today reveals the discovery of a high-profile cyber attack technique dubbed "Turning Tables." In a presentation at BSides Las Vegas, enSilo will demonstrate how attackers can use this technique to bypass all current Windows kernel mitigations, including VBS based mitigations, by manipulating page-tables. In their presentation "Turning (Page) Tables: Bypassing Advanced Kernel Mitigations Using Page Table Manipulations," enSilo security research team leader Omri Misgav and Udi Yavo, enSilo Co-Founder and CTO, will detail how an attacker can subvert popular operating systems' latest, built-in kernel security safeguards by carefully manipulating page tables, the data structures operating systems use to map virtual memory address to memory physical addresses. Misgav and Yavo will present this talk at 6:00 p.m. Pacific Time on Wednesday, August 8 during BSides Las Vegas at the Tuscany Suites and Casino. The "Turning Tables" exploitation technique is not limited only to Microsoft Windows and can also be leveraged against other operating systems. In recent years, Microsoft and other vendors have hardened their software with a host of embedded security features designed to safeguard the kernel - including page table randomization, Kernel Control-Flow-Guard and VBS protections such as Kernel-Mode Code Integrity (KMCI). However, the Turning Tables exploitation technique enSilo discovered renders these defense mechanisms ineffective, giving attackers a new entry point to escalate privileges and upend entire stacks of layered security products premised on operating systems' integrity. "enSilo has a proud history of providing research to benefit the broader security community by identifying novel attacks and inventing defenses - our team is honored to continue this work at BSides this year," Yavo explained. "While Microsoft continues to strengthen Windows kernel security and improve its mitigations, our research gain proves that adversaries can devise novel methods to achieve SYSTEM-level privileges. By bringing knowledge of these techniques to the forefront, organizations can better defend against criminals who attack under the radar and give new life to older, known malware families that the cybercrime economy relies on for ransomware, botnets, DDoS attacks and data harvesting." The enSilo Endpoint Security Platform protects customers from potential exploits employing the Turning Tables technique by blocking suspect processes attempting to abuse operating systems. Earning a "Recommended" rating from NSS Labs' rigorous, independent tests and praise from reviewers at SC Media, CSO, AV-TEST, SANS and elsewhere, the enSilo platform automates and orchestrates detection, prevention and real-time response against advanced malware and ransomware without burdening cybersecurity staff. enSilo uniquely integrates next generation antivirus (NGAV) with application communication control, automated endpoint detection and response (EDR) and real-time blocking, threat hunting, incident response and virtual patching capabilities in a single lightweight agent. Meet with enSilo in Las Vegas, August 6-9 during BSides and Black Hat USA
About enSilo
SOURCE enSilo 
|
View original content: