15 Posts

Mark Yason

Security Researcher, IBM X-Force

Mark Vincent Yason is a security researcher on IBM’s X-Force Advanced Research team. Mark’s current focus area is vulnerability and exploit research – he analyzes known vulnerabilities, discovers new vulnerabilities, studies exploitation techniques, and creates detection guidance/algorithms which are used in the development of IDS/IPS signatures. He also previously worked on malware research which naturally involved some degree of software protection research. He authored the paper “The Art of Unpacking” and co-authored the papers “Reversing C++”, “Playing In The Reader X Sandbox” and “Digging Deep Into The Flash Sandboxes”.

Written By Mark Yason

Target Data Breach: Understand and Detect Kaptoxa POS Malware

An inside look at the Kaptoxa/BlackPOS malware, which is believed to be used in the massive Target data breach, with the goal of understanding how it operates and finding ways to detect its network activity.

Diving Into IE 10’s Enhanced Protected Mode Sandbox at HITB 2013

With the release of Internet Explorer 10 in Windows 8, an improved version of IE’s Protected Mode sandbox, called Enhanced Protected Mode (EPM), was introduced. With the use of the new AppContainer process isolation mechanism introduced in Windows...

When Characters Turn Bad: String Sanitation Bypass via Best-Fit Mappings

If you’re working on software that converts strings from one character set to another, such as when performing UNICODE to ANSI string conversions, you have probably heard about best-fit mapping conversions.

Use-after-frees: That pointer may be pointing to something bad

If you look at the last few Internet Explorer security bulletins, you'll notice that many of the patched vulnerabilities were use-after-frees (or UAFs). Use-after-free is still a common bug class because the task of manually identifying them,...

A Buffer Overflow and Two Sandbox Escapes

Hi Everyone, Mark Yason here from IBM X-Force. Last month, we saw the first in-the-wild exploit capable of escaping the Adobe Reader sandbox, a security feature added in Adobe Reader in 2010 to limit the impact of successful exploitation of...

Co-Written By Mark Yason