Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework | allinfosecnews.com

Aug. 31, 2023, 7:42 a.m. | /u/Daniel24z25

/r/netsec - Information Security News & Discussion www.reddit.com

Research presented on DEF CON 31 that demonstrates how the Windows containers isolation framework (wcifs.sys), which is loaded on every modern Windows system by default, can be abused to bypass EDR file system malware protection, file/folder write restrictions and I/O ETW log-based correlations.

bypass bypass edr con container containers def default def con def con 31 edr file file system folder framework isolation log malware netsec protection research restrictions system undetected windows windows container isolation framework windows system

More from www.reddit.com / /r/netsec - Information Security News & Discussion

Hands-On Kernel & User-Mode Hooking: From Theory to Working Code 16 hours ago | www.reddit.com

code hooking kernel mode +3

State of WiFi Security in 2024 18 hours ago | www.reddit.com

article exploiting feedback find +9

Hunting bugs in Nginx JavaScript engine (njs) with with fuzzing and CodeQL 1 day, 17 hours ago | www.reddit.com

bugs codeql engine fuzzing +4

Snowflake, Cloud Storage Giant, Suffers Massive Breach: Hacker Confirms to Hudson Rock Access Through Infostealer … 1 day, 19 hours ago | www.reddit.com

access breach cloud cloud storage +8

How to achieve passive persistence - part 2: outliving the krbtgt reset 3 days, 1 hour ago | www.reddit.com

hashes netsec passive persistence +1

Check Point - Wrong Check Point (CVE-2024-24919) - watchTowr Labs 3 days, 8 hours ago | www.reddit.com

check check point cve cve-2024 +5

XZ Utils 5.6.2 (stable), 5.4.7 (old stable), 5.2.13 (old old stable) have been released 3 days, 14 hours ago | www.reddit.com

netsec old xz utils

CVE-2024-22058 Ivanti Landesk LPE - Mantodea Security 3 days, 20 hours ago | www.reddit.com

cve cve-2024 ivanti lpe +2

HardwareBreakPoint + Ekko ROP modified to hold stack arguments + Kernel Objects Enumeration for some … 4 days, 4 hours ago | www.reddit.com

enumeration kernel memory netsec +2

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com