@4Dgifts Can you explain the attack flow to exploit this? This is just a hardening issue, correct?
Bit9 has self protection against termination, service reg keys modification, but does not protect its service EXE
nice find
But on the plus side, your domain controllers stopped bluescreening.
Hopefully you looped in @Carbonblack_inc on this!
Nice find! I work for them. Want to send us more details so we can mitigate? :-D
it's in the works already.
.@waleedassar @botherder I seem to recall this technique being presented at Baythreat 3 or 4 years ago....
constantly used for persistent backdoors too (eg. Sticky Keys).
Nice find. Rules intended to block this don't take into account REG_KEY_DONT_VIRTUALIZE on x64 keys. Fix and workaround coming.