Get Started
Platform
Why SentinelOne?
Services
Partners
Resources
About
Pricing
Get Started
Back to Resources

Now On Stage! Deep Hooks: Monitoring Native Execution In WOW64 Applications

Video
Now On Stage! Deep Hooks: Monitoring Native Execution In WOW64 Applications

A few months back, we published a 3-part series of blog posts, presenting a research carried out by two of our researchers: Yarden Shafir and Assaf Carlsbad. Find the full research here:
Part 1: http://bit.ly/DeepHooks1
Part 2: http://bit.ly/DeepHooks2
Part 3: http://bit.ly/DeepHooks3
The research introduced a new way of monitoring parts of WoW64 processes that are usually ignored by security products. This blind spot often leads to exploitation by sophisticated pieces of malware. The technique presented in the research can be used to better monitor WoW64 processes, making detection harder to bypass. The research is the basis for some new SentinelOne detection capabilities, for example, detecting the notorious “Heaven’s Gate” bypass technique.

Following its publication, the research drew a lot of interest from the community. The researchers were invited to various cybersecurity conferences to share their insights.

For those of you who are intrigued by WOW64 applications and how to protect them, here is their talk from BSidesTLV. You can also meet them on August 30, at the HITB GSEC 2018 Conference.

-~-

Watch Now
Related Resources
Video
SentinelOne PartnerOne – America’s 2025
Video
Just a Sec: Cybersecurity Unfiltered—Fast, Frank, and From the Front Lines
Video
LABScon24 Replay | A Walking Red Flag (With Yellow Stars) | Cary & Benincasa
Video
LABScon24 Replay | Kryptina RaaS: From Unsellable Cast-off to Enterprise Ransomware | Jim Walter

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.

Request a Demo