Bromium: Event Handling Using Interrupts

Dissecting the POP SS Vulnerability

The newly uncovered POP SS vulnerability takes advantage of a widespread misconception about the behaviour of pop ss or mov ss instructions, which results in exceptions when the instruction immediately following is an interrupt. It is a privilege escalation, and as a result it assumes that the attacker has some level of ...
How Bromium Virtualization Provides Protection from Meltdown and Spectre

Anatomy of Meltdown – A Technical Journey

This blog reviews the details of Meltdown and discusses the inherent immunity for end users provided by Bromium’s architecture. Meltdown is an Intel CPU vulnerability leveraging speculative execution which gives an attacker-controlled process the ability to read arbitrary memory belonging to the kernel. Although it doesn’t allow for an attacker ...
Bromium Helps You Defeat Ransomware

The Emotet Banking Trojan: Analysis of Dropped Malware Morphing at Scale

We analyzed samples containing the Emotet banking trojan and broke down the findings in a side-by-side comparison. Malware authors are repacking their malicious software into a unique executable for each potential victim, avoiding any and all signature-based detection. Repacked dropped executables on this scale are unprecedented, and this is why application isolation ...