Tag Archives: application control

How to dismantle an atomic bomb

Security researchers at enSilo recently released a novel code injection technique for Windows known as ‘Atom Bombing’. This is so called because it exploits Windows atom tables and Async procedure calls (APC) to evade detection by many common security solutions.

Continue Reading


Application authentication needs a reboot

Last week marked an exciting new first – ransomware on a Mac disclosed by Palo Alto who had seen it with a client. What’s simultaneously encouraging and disappointing is that it could have been prevented without detection using highly recommended best practices – application whitelisting  (yes, it is possible to do whitelisting today – we do it with lots of our clients as do other providers).

Continue Reading


Path of enlightenment part 2 – Taking tasks to task

As discussed in my last blog the issue of unquoted paths for services has been around for over 15 years. Despite this there is another potential privilege escalation with unquoted paths which doesn’t get as much coverage, these are Scheduled Tasks.

Continue Reading


Security by default: No more leaky buckets

Here at Avecto we believe that security products should be secure by design, meaning that they are designed from the ground up to be secure. A key principle is that you should be able to share details of the design without compromising its security, as opposed to security by obscurity, where you are reliant on keeping the solution secret to prevent a compromise.

Continue Reading


Windows 10 whitelisting will not be for everyone

Windows 10′s security overhaul offers a lot but beware its complexities and limitations

With the arrival of Windows 10 in late July, businesses must once again pose many of the same questions that presented themselves at the time of the launch of Windows 8 in 2012, Windows 7 in 2009 and, for those with long enough memories, Windows XP in 2001.

Continue Reading