
Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!


Beware of the Bashware: A New Method for Any Malware to Bypass Security Solutions

Gal Elbaz


Until recently, running Linux on Windows sounded like a bad joke or a fairy tale... Well, not anymore! Since the Windows 10 Anniversary Update, a Linux subsystem has been part of Windows.

Windows Subsystem for Linux (WSL) is the name of Microsoft’s feature. Its goal is to make the popular Linux “Bash” terminal available to Windows users, but the feature goes far beyond the familiar Linux “Bash”: it is a complete compatibility layer for running an environment that looks and behaves just like Linux.

Along with the new technologies that came with this feature, a series of new and unknown security issues has also been added to the Windows operating system. These issues present a new challenge to the many security vendors who have not yet adjusted their products to deal with this new environment.

In this talk we will present “Bashware”, a cross-platform technique that leverages the underlying mechanism of the WSL feature to run malicious code invisibly, bypassing current security solutions.

We will talk about the limitations and challenges of our research and the design and vulnerabilities of WSL, and also demonstrate a live PoC of the “Bashware” technique on a random leading vendor in the antivirus space.

Related links:

https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/

https://www.facebook.com/checkpointsoftware/videos/10155842991662049/

https://thehackernews.com/2017/09/windows-10-linux-evade-malware.html

https://motherboard.vice.com/en_us/article/xwwexa/windows-10s-built-in-linux-shell-could-be-abused-to-hide-malware-researchers-say

https://krebsonsecurity.com/2017/10/microsofts-october-patch-batch-fixes-62-flaws/

===

Security Expert, part of Research Team at Check Point Security Technologies, with vast experience in both PC and mobile fields. Specializes in vulnerability assessment & exploit development.