AUTHOR

Articles By Gabriel Landau

Videos

Sandboxing Antimalware Products for Fun and Profit

This article demonstrates a flaw that allows attackers to bypass a Windows security mechanism which protects anti-malware products from various forms of attack.

Videos

Sandboxing anti-malware products for fun and profit

The Elastic Security team has found an unpatched Windows flaw that allows malware to disable security products. Here’s how to fix it using Elastic.

Videos

Detecting and blocking unknown KnownDlls

This is the second in a two-part series discussing a still-unpatched userland Windows privilege escalation. The exploit enables attackers to perform highly privileged actions that typically require a kernel driver.

Videos

What you need to know about Process Ghosting, a new executable image tampering attack

Several common process tampering attacks exploit the gap between process creation and when security products are notified. Elastic Security detects a variety of such techniques, including Doppelgänging, Herpaderping, and a new technique: Ghosting

Videos

Protecting Windows protected processes

This blog is the first in a two-part series discussing a userland Windows exploit that enables attackers to perform highly privileged actions that typically require a kernel driver.