Mathilde Venault
The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 2
In the first part of this series, we provided a brief overview of the Windows Restart Manager. In this blog post, we examine how these mechanisms can be exploited by adversaries and review how the Cro[…]
The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 1
Malware utilizes a multitude of techniques to avoid detection, and threat actors are continuously uncovering and exploiting new methods of attack. One of the less common techniques includes the exploi[…]
Playing Hide-and-Seek with Ransomware, Part 2
In Part 1, we explained what Intel SGX enclaves are and how they benefit ransomware authors. In Part 2, we explore a hypothetical step-by-step implementation and outline the limitations of this method[…]
Playing Hide-and-Seek with Ransomware, Part 1
Intel SGX technology enables developers to isolate and encrypt a portion of code and data in the processor and memory in a trusted execution environment, known as an enclave. As enclaves are increasin[…]