<![CDATA[h/t @nyanbinary]]>h/t @nyanbinary

so let me get this straight
microsoft defender, the built-in antivirus tool for windows

has a heap based buffer overflow that leads to remote code execution

if you get it to scan a file, and that file is crafted the right way.

the antivirus tool is the carrier for the execution of malware.

]]>https://forum.fedi.dk/topic/25d5f08c-ebb8-4b06-bea0-ec21b2352ad9/h-t-@nyanbinaryRSS for NodeFri, 29 May 2026 20:28:10 GMTWed, 20 May 2026 22:08:50 GMT60<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 04:34:19 GMT]]>@catsalad @nyanbinary true

]]>https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116610699058780623https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116610699058780623Thu, 21 May 2026 04:34:19 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 04:34:05 GMT]]>@sassdawe @nyanbinary i got arcticfox to run meterpreter for me once

]]>https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116610698169747655https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116610698169747655Thu, 21 May 2026 04:34:05 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 04:15:23 GMT]]>@Viss @nyanbinary this remind me of the old days when I tricked a Next Gent AV into code execution in very simple way in the same day the vendor was on site for a purple team exercise.

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/sassdawe/statuses/116610624605805027https://forum.fedi.dk/post/https://infosec.exchange/users/sassdawe/statuses/116610624605805027Thu, 21 May 2026 04:15:23 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 04:12:23 GMT]]>@catsalad
Ah, autoimmune issues...
@Viss @nyanbinary

]]>https://forum.fedi.dk/post/https://ohai.social/users/gnate/statuses/116610612806691675https://forum.fedi.dk/post/https://ohai.social/users/gnate/statuses/116610612806691675Thu, 21 May 2026 04:12:23 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 04:05:44 GMT]]>@Viss @nyanbinary I mean, it's not wrong... 😹

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/catsalad/statuses/116610586672237622https://forum.fedi.dk/post/https://infosec.exchange/users/catsalad/statuses/116610586672237622Thu, 21 May 2026 04:05:44 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 04:01:47 GMT]]>@catsalad @nyanbinary my favorite is when defender decides another piece of windows is bad and attacks it

]]>https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116610571135436712https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116610571135436712Thu, 21 May 2026 04:01:47 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 04:01:10 GMT]]>@mobidic @nyanbinary i wish avg didnt go shitty. it was pretry good for a while

]]>https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116610568718673107https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116610568718673107Thu, 21 May 2026 04:01:10 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 04:00:34 GMT]]>@nyanbinary @_GreyWolf the chief component here is that its microsofts av and microsofts os.

they have the sourcecode. they have limitless resources. they print money.

but even with all that, they wrote av for their own os.

other vendors dont have anywhere near the same resources, or access to all the sourcecode. its way harder for other vendors

]]>https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116610566370147480https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116610566370147480Thu, 21 May 2026 04:00:34 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 03:48:36 GMT]]>@Viss @nyanbinary
Since I turned off Defender – I've gotten back 1GB of RAM and 15% blocked CPU power – and replaced it with my brain. That's all.

]]>https://forum.fedi.dk/post/https://mastodon.social/users/mobidic/statuses/116610519294234520https://forum.fedi.dk/post/https://mastodon.social/users/mobidic/statuses/116610519294234520Thu, 21 May 2026 03:48:36 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 03:45:59 GMT]]>@_GreyWolf @Viss yip, that is correct & you arent going to see me jump the bandwagon of "AV is bad". imo the conclusion then needs to be beyond-rigorous QC. Unfortunately that is something MS has very much lost my trust there, even for components like Defender.

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/nyanbinary/statuses/116610509043584353https://forum.fedi.dk/post/https://infosec.exchange/users/nyanbinary/statuses/116610509043584353Thu, 21 May 2026 03:45:59 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 03:41:04 GMT]]>@catsalad @Viss considering the first 5 hits whenever you search any windows executable are "is this malware? "... Yip!

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/nyanbinary/statuses/116610489669467796https://forum.fedi.dk/post/https://infosec.exchange/users/nyanbinary/statuses/116610489669467796Thu, 21 May 2026 03:41:04 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 03:33:03 GMT]]>@Viss @nyanbinary Sufficiently advanced Windows services are indistinguishable from malware

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/catsalad/statuses/116610458131197892https://forum.fedi.dk/post/https://infosec.exchange/users/catsalad/statuses/116610458131197892Thu, 21 May 2026 03:33:03 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 03:04:31 GMT]]>@Viss @jlin @nyanbinary Ditches have a purpose. They are not for refuse. Put that shit in the trash.

]]>https://forum.fedi.dk/post/https://mastodon.social/users/crazyeddie/statuses/116610345951459948https://forum.fedi.dk/post/https://mastodon.social/users/crazyeddie/statuses/116610345951459948Thu, 21 May 2026 03:04:31 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 01:34:06 GMT]]>@AlesandroOrtiz @nyanbinary oh yeah, 100%

]]>https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116609990411155570https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116609990411155570Thu, 21 May 2026 01:34:06 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 01:13:11 GMT]]>@argv_minus_one @Viss @nyanbinary I wonder if I can use this to configure winrm so I can remote in and fix the random shit Microsoft keeps breaking.

]]>https://forum.fedi.dk/post/https://mastodon.social/users/nowayeast/statuses/116609908205256749https://forum.fedi.dk/post/https://mastodon.social/users/nowayeast/statuses/116609908205256749Thu, 21 May 2026 01:13:11 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 01:11:47 GMT]]>@Viss @nyanbinary Reminds me of Taviso's P0 research from a few years ago targeting AV scanning sandboxes/VMs.

]]>https://forum.fedi.dk/post/https://infosec.exchange/users/AlesandroOrtiz/statuses/116609902691152640https://forum.fedi.dk/post/https://infosec.exchange/users/AlesandroOrtiz/statuses/116609902691152640Thu, 21 May 2026 01:11:47 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 00:37:58 GMT]]>@Viss @jeffers00n @nyanbinary yay!

Vive la révolution!

(although, evolution preferably... i offer myself to the commons for the cause, lol)

]]>https://forum.fedi.dk/post/https://mastodon.social/ap/users/116609594702103322/statuses/116609769715215609https://forum.fedi.dk/post/https://mastodon.social/ap/users/116609594702103322/statuses/116609769715215609Thu, 21 May 2026 00:37:58 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 00:29:47 GMT]]>@mpc3032at @jeffers00n @nyanbinary yeah i wager youre probably in good company here

]]>https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116609737518051999https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116609737518051999Thu, 21 May 2026 00:29:47 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 00:27:58 GMT]]>@Viss @jeffers00n @nyanbinary a couple years back i got depressed about softwaring because of this ~'AI' silliness coming down the pike, but of late it is SO BAD i feel incrementally fired up, renewed

riffing wildly, maybe software, because of its peculiar nature (this reified perfection of causality) is a good, stark example of why things should be done by people who love the things...because when not, the error compounds exponentially, and we get *this* (gestures wildly all around)

]]>https://forum.fedi.dk/post/https://mastodon.social/ap/users/116609594702103322/statuses/116609730366737465https://forum.fedi.dk/post/https://mastodon.social/ap/users/116609594702103322/statuses/116609730366737465Thu, 21 May 2026 00:27:58 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 00:27:19 GMT]]>@Viss @jeffers00n @nyanbinary aww i remember almost nothing about the book now, but the one lady hacking away feverishly on that was a standout for me at the time, it seemed so cool, in like a 'obvious in retrospect' way... but actually living it derpishly like this is... i dunno 😕

(also, hello fediverse! 2nd ~post, woo! and hello fediverse person... you gave me lovely positive feedback in *minutes*... i like this!)

more ->

]]>https://forum.fedi.dk/post/https://mastodon.social/ap/users/116609594702103322/statuses/116609727849104126https://forum.fedi.dk/post/https://mastodon.social/ap/users/116609594702103322/statuses/116609727849104126Thu, 21 May 2026 00:27:19 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 00:24:01 GMT]]>@Viss @nyanbinary

Ah good. Now I don't have to deal with code signing my app any more. 😂

]]>https://forum.fedi.dk/post/https://mastodon.sdf.org/users/argv_minus_one/statuses/116609714876441852https://forum.fedi.dk/post/https://mastodon.sdf.org/users/argv_minus_one/statuses/116609714876441852Thu, 21 May 2026 00:24:01 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 00:09:57 GMT]]>@mpc3032at @jeffers00n @nyanbinary oh boy its been a while since i listened to snowcrash on audiobook.

s'too bad we cant have a "but they're sure to listen to reason" moment

]]>https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116609659540746742https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116609659540746742Thu, 21 May 2026 00:09:57 GMT<![CDATA[Reply to h/t @nyanbinary on Thu, 21 May 2026 00:08:30 GMT]]>@jeffers00n @Viss @nyanbinary also a subplot in Snow Crash iirc

]]>https://forum.fedi.dk/post/https://mastodon.social/ap/users/116609594702103322/statuses/116609653847718672https://forum.fedi.dk/post/https://mastodon.social/ap/users/116609594702103322/statuses/116609653847718672Thu, 21 May 2026 00:08:30 GMT<![CDATA[Reply to h/t @nyanbinary on Wed, 20 May 2026 23:03:46 GMT]]>@Viss @nyanbinary this isn’t even the first time this has happened with Defender

]]>https://forum.fedi.dk/post/https://ohai.social/users/slyborg/statuses/116609399298670872https://forum.fedi.dk/post/https://ohai.social/users/slyborg/statuses/116609399298670872Wed, 20 May 2026 23:03:46 GMT