Cybellum – next gen cyber company (it’s not)


2 days ago everybody started talking about the DoubleAgent attack that Cybellum supposedly invented and how every Windows OS since Windows XP is screwed. As soon as I read about it, I said "hmmm, where have I seen it before?".

While the rest of the world went on writing sensational news articles, Alex Ionescu summed it all up in one nice tweet:

Have fun and don't believe in everything you read - too many morons are writing about security these days..

3 thoughts on “Cybellum – next gen cyber company (it’s not)”

  1. They rushed to write this "update" 😉

    – To clarify, of course we haven’t discovered the existence of Application Verifier, it’s part of the OS so users can use it. Application Verifier as a hooking technique was discussed long ago as early as 2011. What we discovered and focused about was that AVRF can be used for:
    1. Generic code injection technique that is undetected by AV.
    2. Generic persistence technique that is also undetected by AV.
    3. And most importantly, injecting code directly into the AV while bypassing its self-protection techniques.

    cfr. {hidden link}

