Gabriel Landau

Author

Gabriel Landau

Principal Software Engineer, Elastic

Articles

Introducing a New Vulnerability Class: False File Immutability

This article introduces a previously unnamed class of Windows vulnerability that demonstrates the dangers of assumption and describes some unintended security consequences.

Inside Microsoft's plan to kill PPLFault

In this research publication, we'll learn about upcoming improvements to the Windows Code Integrity subsystem that will make it harder for malware to tamper with Anti-Malware processes and other important security features.

Forget vulnerable drivers - Admin is all you need

Bring Your Own Vulnerable Driver (BYOVD) is an increasingly popular attacker technique whereby a threat actor brings a known-vulnerable signed driver alongside their malware, loads it into the kernel, then exploits it to perform some action within the kernel that they would not otherwise be able to do. Employed by advanced threat actors for over a decade, BYOVD is becoming increasingly common in ransomware and commodity malware.

Upping the Ante: Detecting In-Memory Threats with Kernel Call Stacks

We aim to out-innovate adversaries and maintain protections against the cutting edge of attacker tradecraft. With Elastic Security 8.8, we added new kernel call stack-based detections, which provide improved efficacy against in-memory threats.

Sandboxing Antimalware Products for Fun and Profit

This article demonstrates a flaw that allows attackers to bypass a Windows security mechanism which protects anti-malware products from various forms of attack.

Finding Truth in the Shadows

Let's discuss three benefits that Hardware Stack Protections brings beyond its intended exploit mitigation capability, and explain some of its limitations.