BSidesSF 2017 has ended
Monday, February 13 • 2:50pm - 3:20pm
AtomBombing: Injecting Code Using Windows’ Atoms


In this talk we present a code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). At the time of its release (October 2016), AtomBombing went undetected by common security solutions that focused on preventing infiltration.

AtomBombing affects all Windows versions. In particular, we tested it against Windows 10 and Windows 7. 

Unfortunately, this issue cannot be patched by Microsoft since it doesn’t rely on broken or flawed code, but rather on how these operating system mechanisms are designed.


Speakers

Tal Liberman

Security Research Team Leader, enSilo
Tal has a strong interest in cyber-security, mainly focusing around OS-internals, reverse-engineering and low-level research. As a cyber security research team lead at enSilo, Tal’s team is responsible for reverse engineering OS internals, exploits, and malware and integrating their...

Udi Yavo

CTO, enSilo
Udi Yavo has more than 15 years of experience in security with a proven track record in leading cutting edge cyber-security R&D projects. Prior to enSilo, Udi spearheaded the direction of the cyber-security unit at the National Electronic Warfare Research & Simulation Center of Rafael...


Monday February 13, 2017 2:50pm - 3:20pm PST
DNA Lounge