all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework

Add to bookmarks
Aug. 31, 2023, 7:42 a.m. | /u/Daniel24z25

/r/netsec - Information Security News & Discussion www.reddit.com

Research presented on DEF CON 31 that demonstrates how the Windows containers isolation framework (wcifs.sys), which is loaded on every modern Windows system by default, can be abused to bypass EDR file system malware protection, file/folder write restrictions and I/O ETW log-based correlations.

bypass bypass edr con container containers def default def con def con 31 edr file file system folder framework isolation log malware netsec protection research restrictions system undetected windows windows container isolation framework windows system

Visit resource

More from www.reddit.com / /r/netsec - Information Security News & Discussion

A Basic Guide to AFL QEMU 1 day, 2 hours ago | www.reddit.com
afl basic binary function +6
Nearly 20% of Docker Hub Repositories were used to spread malware & phishing scams 1 day, 11 hours ago | www.reddit.com
docker docker hub malware netsec +4
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP with Syzkaller 1 day, 16 hours ago | www.reddit.com
fuzzing netsec tcp
How an empty S3 bucket can make your AWS bill explode 1 day, 21 hours ago | www.reddit.com
aws bill can netsec +1
From IcedID to Dagon Locker Ransomware in 29 Days 2 days, 13 hours ago | www.reddit.com
icedid locker netsec ransomware
Judge0 Sandbox Escape - CVE-2024-29021, CVE-2024-28185 and CVE-2024-28189 2 days, 19 hours ago | www.reddit.com
cve cve-2024 escape judge0 +3
LSASS rings KsecDD ext. 0 - Overview of the recent KexecDD exploit 2 days, 20 hours ago | www.reddit.com
exploit lsass netsec rings
Just-in-Time admin and production access using Azure PIM 3 days, 12 hours ago | www.reddit.com
access admin azure just-in-time +3
Automating API Vulnerabilities Using Postman Workflows 4 days, 7 hours ago | www.reddit.com
api api vulnerabilities netsec postman +2

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Security Engineer II- Full stack Java with React

@ JPMorgan Chase & Co. | Hyderabad, Telangana, India
View on infosec-jobs.com

Cybersecurity SecOps

@ GFT Technologies | Mexico City, MX, 11850
View on infosec-jobs.com

Senior Information Security Advisor

@ Sun Life | Sun Life Toronto One York
View on infosec-jobs.com

Contract Special Security Officer (CSSO) - Top Secret Clearance

@ SpaceX | Hawthorne, CA
View on infosec-jobs.com

Early Career Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com
View more jobs