Select Page
Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security

Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security

On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits. Shortly thereafter, one of these exploits was used to create wormable malware that we now know ... continue reading
wannacrypt1

WannaCrypt ransomware worm targets out-of-date systems

On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches ... continue reading
Windows 10 Memory Protection Features

Windows 10 Memory Protection Features

Hello, Paul Bergson back again with a discussion on the newly built-in memory protection features provided in Windows 10 and Windows Server 2016. I refer to Win10 throughout the document, but this is just for brevity sake. For a complete ... continue reading
Execution stages of the exploit package and corresponding functionality

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The ... continue reading
clip_image002

Building a KMS Host on Windows Server 2008 R2

Support Lifecycle: https://support.microsoft.com/en-us/lifecycle?p1=14134 This blog post is part of a series of posts, detailing the build process and activating capabilities of a KMS host on a particular host operating system. The operating system dictates which KMS host key (CSVLK) can ... continue reading