Bypass anti-ransomware protection in Defender Antivirus

This video shows a new way to bypass Windows Defender anti-ransomware protection. Similar research on the topic is already public, and this is not a vulnerability in Defender AV!

☆ Blocked bypass attempts: PowerShell, Python, AutoIt
★ Known bypasses (APC injection, WMI, Office macros, OLE/COM objects to drive Office executables programmatically)
★ New technique: mimic legitimate editors' access via process hollowing and parent spoofing

References
~~~~~~~~
Windows 10 enable controlled folder access
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders

Microsoft anti-ransomware bypass
http://www.securitybydefault.com/2018/01/microsoft-anti-ransomware-bypass-not.html?m=1

Windows 10 Controlled Folder Access Vulnerabilities
https://www.nyotron.com/collateral/Nyotron-Windows10-Report-April-2018.pdf

---------------------------------------------------------------------------------------------------
Follow us on Twitter : https://twitter.com/reversinghub
Github : https://github.com/reversinghub

If you liked this video and you want to learn hands-on how to analyse malware, with real samples and practical exercises, find us on Udemy : https://www.udemy.com/course/reverse-engineering-essentials/?referralCode=D738F461C93A2CD029FB
---------------------------------------------------------------------------------------------------
Want to support us so we can continue to make great content? Buy us a coffee : https://ko-fi.com/reversinghub

Thank you 🙏

12+
A year ago
