Lucene search

8 matches found

Kitploit
added 2021/06/19 9:30 p.m., 177 views

FalconEye - Real-time detection software for Windows process injections

FalconEye is a Windows endpoint detection software for real-time process injections. It is a kernel-mode driver that aims to catch process injections as they are happening in real time. Since FalconEye runs in kernel mode, it provides a stronger and reliable defense against process injection...

7.5 AI score
Exploits 0, References 11
ThreatPost
added 2018/04/12 2:50 p.m., 25 views

New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection

Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools. The Early Bird code injection technique, highlighted in a Wednesday report by Cyberbit,...

0.4 AI score
Exploits 0, References 4
ThreatPost
added 2017/09/07 9:00 a.m., 17 views

Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim

Researchers claim a programming error in the Microsoft Windows kernel cracks the door open for malicious executables to bypass security software. The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 1...

0.2 AI score
Exploits 0, References 2
MSRC
added 2017/08/16 7:00 a.m., 10 views

Detecting stealthier cross-process injection techniques with Windows Defender ATP: Process hollowing and AtomBombing

This article, from the Microsoft Malware Protection Center blog “Detecting stealthier cross-process injection techniques with Windows Defender ATP: Process hollowing and atom bombing...

2 AI score
Exploits 0
The Hacker News
added 2017/03/01 2:06 a.m., 16 views

Dridex Banking Trojan Gains ‘AtomBombing’ Code Injection Ability to Evade Detection

Security researchers have discovered a new variant of Dridex – one of the most nefarious banking Trojans actively targeting the financial sector – with a new, sophisticated code injection technique and evasive capabilities called "AtomBombing." On Tuesday, Magal Baz, security researcher at Trusteer I...

7.3 AI score
Exploits 0
ThreatPost
added 2017/02/28 3:17 p.m., 21 views

Dridex Trojan Gets A Major 'AtomBombing' Update

The Dridex banking Trojan has been updated and now sports a new injection method for evading detection based on the technique known as AtomBombing. Researchers with IBM X-Force identified the new Dridex v4 sample earlier this month and said it is already in use in active campaigns against U.K...

0.7 AI score
Exploits 0, References 5
The Hacker News
added 2016/10/27 10:34 p.m., 14 views

This Code Injection Technique can Potentially Attack All Versions of Windows

Guess what? If you own a Windows PC, which is fully-patched, attackers can still hack your computer. Isn't that scary? Well, definitely for most of you. Security researchers have discovered a new technique that could allow attackers to inject malicious code on every version of Microsoft's Windows...

7.2 AI score
Exploits 0
ThreatPost
added 2016/10/27 11:31 a.m., 15 views

Windows Atom Tables Can Be Abused for Code Injection Attacks

Researchers have identified a way attackers could use atom tables in all versions of Windows to inject malicious code into a computer and bypass detection by security products at the same time. The technique has been nicknamed AtomBombing by researchers at enSilo, and opens the door to perform...

0.9 AI score
Exploits 0, References 2