Vulnerabilities

April 25, 2017
Disarming Control Flow Guard Using Advanced Code Reuse Attacks
blog-author-image
Posted By:
Categories :

Advanced exploitation is moving away from ROP-based code-reuse attacks.

February 27, 2017
The Chakra Exploit and the Limitations of Modern Mitigation Techniques
blog-author-image
Posted By:
Categories :

Last November, Microsoft released a security update for Microsoft Edge which included patches for vulnerabilities CVE-2016-7200 and CVE-2016-7201, which were discovered by Google Project Zero.

November 30, 2016
Another 0day, Another Prevention
blog-author-image
Posted By:
Categories :

A new 0day against the popular browser Firefox was revealed yesterday which specifically targets the popular “Tor Browser” project, a favorite of Tor users. The Endgame Vulnerability Research & Prevention team quickly analyzed the exploit from the original post, as well as a clean version of reduced JavaScript. 

Attack Uses Image Steganography For Stealthy Malware Ops On Instagram

Endgame details 'Instegogram' and Apple Mac OS X flaw with Instagram images.

August 21, 2016
Capturing 0day Exploits with PERFectly Placed Hardware Traps

To enable earlier detection while limiting the impact on performance, we have developed a new concept we’re calling Hardware Assisted Control Flow Integrity, or HA-CFI.

Utilizing hardware to stop attackers earlier and without disruption

Instead of focusing on those known exploit techniques, our research introduces a new method for early detection and prevention of exploits without prior knowledge of the vulnerability or technique.

July 20, 2016
Mitigating Stagefright Attacks with the ARM Performance Monitoring Unit
blog-author-image
Posted By:
Categories :

Last summer, Stagefright became a household name after security researcher Joshua Drake highlighted vulnerabilities in the multimedia engine in Android that goes by the same name.

July 13, 2016
ROP is Dying and Your Exploit Mitigations are on Life Support
blog-author-image
Posted By:
Categories :

Current defenses target obsolete offensive techniques, including return-oriented programming. These defenses have limited shelf lives or effectiveness.

Endgame to Present at Black Hat USA 2016

Researchers to Brief Attendees on Hunting for and Blocking Exploits Before Damage and Loss

 

Mac and Windows users threatened by rampant .om domain 'typosquatting'

Typing the wrong URL could lead to malware for Mac and Windows PCs

Pages