July 23, 2018
A few months back, we published a 3-part series of blog posts, presenting a research carried out by two of our researchers: Yarden Shafir and Assaf Carlsbad. Find the full research here:
Part 1: http://bit.ly/DeepHooks1
Part 2: http://bit.ly/DeepHooks2
Part 3: http://bit.ly/DeepHooks3
The research introduced a new way of monitoring parts of WoW64 processes that are usually ignored by security products. This blind spot often leads to exploitation by sophisticated pieces of malware. The technique presented in the research can be used to better monitor WoW64 processes, making detection harder to bypass. The research is the basis for some new SentinelOne detection capabilities, for example, detecting the notorious “Heaven’s Gate” bypass technique.
Following its publication, the research drew a lot of interest from the community. The researchers were invited to various cybersecurity conferences to share their insights.
For those of you who are intrigued by WOW64 applications and how to protect them, here is their talk from BSidesTLV. You can also meet them on August 30, at the HITB GSEC 2018 Conference.
-~-
SentinelOne PartnerOne - America's 2025
⛳️ Last week in Pebble Beach the America's best cybersecurity partners came together for our annual PartnerOne summit. Check out…
Just a Sec: Cybersecurity Unfiltered—Fast, Frank, and From the Front Lines
Welcome to the first-ever Just A Sec, a no-holds-barred, quick-fire monthly livestream. It’s cybersecurity like you’ve never heard it before—unfiltered,…
See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.