Mark Yason

Security Researcher, IBM X-Force

Mark Vincent Yason is a security researcher on IBM’s X-Force Advanced Research team. Mark’s current focus area is vulnerability and exploit research – he analyzes known vulnerabilities, discovers new vulnerabilities, studies exploitation techniques, and creates detection guidance/algorithms which are used in the development of IDS/IPS signatures. He also previously worked on malware research which naturally involved some degree of software protection research. He authored the paper “The Art of Unpacking” and co-authored the papers “Reversing C++”, “Playing In The Reader X Sandbox” and “Digging Deep Into The Flash Sandboxes”.

Software Vulnerabilities July 29, 2016

Read From PDF, Write to Edge’s Memory (CVE-2016-0117)

3 min read - CVE-2016-0117 can be exploited to perform an arbitrary write to Edge's content process memory, a critical element for remote code execution.

Software Vulnerabilities April 28, 2016

Understanding EdgeHTML’s Attack Surface and Exploit Mitigations

5 min read - EdgeHTML's large attack surface can be daunting for users. Learn more about possible attacks as well as exploit mitigations that enhance security.

Software Vulnerabilities March 2, 2016

WinRT PDF: A Potential Route for Attacking Edge

4 min read - Vulnerabilities in the WinRT PDF tool in the new Microsoft Edge browser could allow cybercriminals to carry out expensive exploits.

Software Vulnerabilities August 3, 2015

MemGC: Use-After-Free Exploit Mitigation in Edge and IE on Windows 10

3 min read - When used effectively, MemGC could help reduce the number of use-after-free vulnerabilities that plague Edge and Internet Explorer in Windows.

Advanced Threats March 10, 2015

Understanding Regin’s Plugin Framework: Part 2

7 min read - In the second part of this two-part series, IBM's Mark Yason discusses in more depth the Regin plugin framework hosted in the dispatcher module.

Advanced Threats February 10, 2015

Reviving the Regin Dispatcher Module: Part 1

6 min read - After reviving the Regin dispatcher module, Mark Yason ended up with a malware sample that was suitable for both static and dynamic analysis.

Software Vulnerabilities December 8, 2014

CVE-2014-0195: Adventures in OpenSSL’s DTLS Fragmented Land

7 min read - Here is a look at the remote code execution bug in OpenSSL's DTLS, how it works and the different ways cybercriminals might leverage it for exploitation.

Software Vulnerabilities August 29, 2014

Understanding IE’s New Exploit Mitigations: The Memory Protector and the Isolated Heap

6 min read - In response to two attacks, new Internet Explorer exploit mitigations were released to increase the cost of exploiting IE use-after-free vulnerabilities.

Software Vulnerabilities April 8, 2014

A Peek into IE’s Enhanced Protected Mode Sandbox

7 min read - IE 10 Enhanced Protected Mode (EPM) sandbox research that was presented at Hack in the Box 2013 and the Black Hat Asia 2014 security conferences. Summary of findings and discussion of the most important points and related resources to find…

Software Vulnerabilities March 19, 2014

Diving Into IE 10’s Enhanced Protected Mode Sandbox at Black Hat Asia 2014

2 min read - If you’re using Internet Explorer in immersive mode on Windows 8/8.1 to browse Internet web sites, under the hood, your browser will be running inside the Enhanced Protected Mode sandbox. Enhanced Protected Mode (EPM) is the sandboxing mechanism in IE…

Banking & Finance January 23, 2014

Target Data Breach: Understand and Detect Kaptoxa POS Malware

7 min read - A inside look at the Kaptoxa/BlackPOS malware, which is believed to be used in the massive Target data breach, with the goal of understanding how it operates and finding ways to detect its network activity.

X-Force June 18, 2013

When Characters Turn Bad: String Sanitation Bypass via Best-Fit Mappings

3 min read - If you’re working on software that converts strings from one character set to another, such as when performing UNICODE to ANSI string conversions, you may have probably heard about best-fit mapping conversions.

Failed to load data

Analysis and insights from hundreds of the brightest minds in the cybersecurity industry to help you prove compliance, grow business and stop threats.

Cybersecurity News By Topic By Industry Exclusive Series Threat Research Podcast Events Contact About Us

Security Intelligence

{{title}}

{{title}}

{{title}}

{{title}}

Topics

Mark Yason

Read From PDF, Write to Edge’s Memory (CVE-2016-0117)

Understanding EdgeHTML’s Attack Surface and Exploit Mitigations

WinRT PDF: A Potential Route for Attacking Edge

MemGC: Use-After-Free Exploit Mitigation in Edge and IE on Windows 10

Understanding Regin’s Plugin Framework: Part 2

Reviving the Regin Dispatcher Module: Part 1

CVE-2014-0195: Adventures in OpenSSL’s DTLS Fragmented Land

Understanding IE’s New Exploit Mitigations: The Memory Protector and the Isolated Heap

A Peek into IE’s Enhanced Protected Mode Sandbox

Diving Into IE 10’s Enhanced Protected Mode Sandbox at Black Hat Asia 2014

Target Data Breach: Understand and Detect Kaptoxa POS Malware

When Characters Turn Bad: String Sanitation Bypass via Best-Fit Mappings

{{{title}}}