Cedric Cochin

Cedric Cochin is a Senior Security Architect, CyberThreat SME; and a Senior Principal Engineer on McAfee’s Future Threat Defense Technologies team. He 20 years of experience in information security. Cochin’s primary mission is to provide expertise to McAfee teams and serve as an expert on cybersecurity threats, understand the threat landscape and technologies to defeat threats, and to guide and facilitate the development of security solutions. He drives innovation and the authoring of proofs of concept to address complex and modern threats.

Subscribe to Cedric Cochin Blogs

More from Cedric Cochin

McAfee Labs

The Twin Journey, Part 3: I’m Not a Twin, Can’t You See my Whitespace at the End?

In this series of 3 blogs (you can find part 1 here, and part 2 here), so far we have understood the implications of promoting files to “Evil Twins” where they can be created and remain in the system as different entities once case sensitiveness is enabled, and some issues ...

McAfee Labs

The Twin Journey, Part 2: Evil Twins in a Case In-sensitive Land

In the first of this 3-part blog series, we covered the implications of promoting files to “Evil Twins” where they can be created and remain in the system as different entities once case sensitiveness is enabled. In this 2nd post we try to abuse applications that do not work well ...

McAfee Labs

The Twin Journey, Part 1

Summary and Introduction: The recent changes in Windows 10, aiming to add case sensitivity (CS) at directory level, have prompted our curiosity to investigate the potential to use CS as a mean of obfuscation or WYSINWYG (What You See is NOT What you Get). While CS was our entry point, ...

McAfee Labs

In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass

Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR (Endpoint Detection and Response) Endpoint Security Solution’s (such as Microsoft Defender Realtime Protection), ability to detect the correct binaries loaded in malicious processes. This inconsistency has led McAfee’s Advanced Threat ...

McAfee Labs

Microsoft Cortana Allows Browser Navigation Without Login: CVE-2018-8253

A locked Windows 10 device with Cortana enabled on the lock screen allows an attacker with physical access to the device to do two kinds of unauthorized browsing.

McAfee Labs

Want to Break Into a Locked Windows 10 Device? Ask Cortana (CVE-2018-8140)

June’s “Patch Tuesday” (June 12) is here, but it is likely many Windows 10 users have not yet applied these updates.

Subscribe to McAfee Securing Tomorrow Blogs