Injection on Steroids: Code-less Code Injections and 0-Day Techniques

Presented at BSidesLV 2015, Aug. 4, 2015, 11 a.m. (55 minutes)

We expose additional new user- and kernel-mode injection techniques. One of these techniques we have coined "code-less code injection" because, unlike other known injection techniques, it does not require adding any code to the target process. We also reveal an additional kernel-mode code injection technique that is a variation of the one used by AV products; as we demonstrate, malware can actually simplify this process.


Presenters:

  • Udi Yavo - CTO - enSilo
    Udi Yavo has more than 15 years of experience in security with a proven track record in leading cutting edge cyber-security R&D projects. Prior to enSilo, Udi spearheaded the direction of the cyber-security unit at the National Electronic Warfare Research & Simulation Center of Rafael Advanced Defense System and served as its CTO. Additionally, he developed and led Rafael's cyber training programs. Udi's achievements at Rafael have been recognized, winning him excellence and innovation awards on complex security projects. Prior to Rafael, Udi served as a system architect at the IDF. He holds a BA in Computer Science from the Open University.
  • Tomer Bitton
    Tomer Bitton has more than 12 years of experience in security research. Tomer focuses on original research such as malware reversing, hostile code and extreme packers. In his prior role, Tomer served as a low-level security researcher at the National Electronic Warfare Research & Simulation Center of Rafael Advanced Defense Systems. There, he won excellence and innovation awards for complex security projects. Before that, Tomer managed the security content team at Imperva. Previous roles included a security researcher at Radware and a senior malware researcher at RSA Security.
