h/t @nyanbinary
-
h/t @nyanbinary
so let me get this straight
microsoft defender, the built-in antivirus tool for windowshas a heap based buffer overflow that leads to remote code execution
if you get it to scan a file, and that file is crafted the right way.
the antivirus tool is the carrier for the execution of malware.
@Viss @nyanbinary Reminds me of Taviso's P0 research from a few years ago targeting AV scanning sandboxes/VMs.
-
Ah good. Now I don't have to deal with code signing my app any more.
@argv_minus_one @Viss @nyanbinary I wonder if I can use this to configure winrm so I can remote in and fix the random shit Microsoft keeps breaking.
-
@Viss @nyanbinary Reminds me of Taviso's P0 research from a few years ago targeting AV scanning sandboxes/VMs.
@AlesandroOrtiz @nyanbinary oh yeah, 100%
-
@jlin @nyanbinary i think france, denmark and germany have the right idea - just ditch windows entirely
@Viss @jlin @nyanbinary Ditches have a purpose. They are not for refuse. Put that shit in the trash.
-
h/t @nyanbinary
so let me get this straight
microsoft defender, the built-in antivirus tool for windowshas a heap based buffer overflow that leads to remote code execution
if you get it to scan a file, and that file is crafted the right way.
the antivirus tool is the carrier for the execution of malware.
@Viss @nyanbinary Sufficiently advanced Windows services are indistinguishable from malware
-
@Viss @nyanbinary Sufficiently advanced Windows services are indistinguishable from malware
-
@Viss
Though that kinda is always the risk
Antivirus just had the biggest attack surface
@nyanbinary@_GreyWolf @Viss yip, that is correct & you arent going to see me jump the bandwagon of "AV is bad". imo the conclusion then needs to be beyond-rigorous QC. Unfortunately that is something MS has very much lost my trust there, even for components like Defender.
-
h/t @nyanbinary
so let me get this straight
microsoft defender, the built-in antivirus tool for windowshas a heap based buffer overflow that leads to remote code execution
if you get it to scan a file, and that file is crafted the right way.
the antivirus tool is the carrier for the execution of malware.
@Viss @nyanbinary
Since I turned off Defender – I've gotten back 1GB of RAM and 15% blocked CPU power – and replaced it with my brain. That's all. -
@_GreyWolf @Viss yip, that is correct & you arent going to see me jump the bandwagon of "AV is bad". imo the conclusion then needs to be beyond-rigorous QC. Unfortunately that is something MS has very much lost my trust there, even for components like Defender.
@nyanbinary @_GreyWolf the chief component here is that its microsofts av and microsofts os.
they have the sourcecode. they have limitless resources. they print money.
but even with all that, they wrote av for their own os.
other vendors dont have anywhere near the same resources, or access to all the sourcecode. its way harder for other vendors
-
@Viss @nyanbinary
Since I turned off Defender – I've gotten back 1GB of RAM and 15% blocked CPU power – and replaced it with my brain. That's all.@mobidic @nyanbinary i wish avg didnt go shitty. it was pretry good for a while
-
@Viss @nyanbinary Sufficiently advanced Windows services are indistinguishable from malware
@catsalad @nyanbinary my favorite is when defender decides another piece of windows is bad and attacks it
-
@catsalad @nyanbinary my favorite is when defender decides another piece of windows is bad and attacks it
@Viss @nyanbinary I mean, it's not wrong...
-
@Viss @nyanbinary I mean, it's not wrong...
@catsalad
Ah, autoimmune issues...
@Viss @nyanbinary -
h/t @nyanbinary
so let me get this straight
microsoft defender, the built-in antivirus tool for windowshas a heap based buffer overflow that leads to remote code execution
if you get it to scan a file, and that file is crafted the right way.
the antivirus tool is the carrier for the execution of malware.
@Viss @nyanbinary this remind me of the old days when I tricked a Next Gent AV into code execution in very simple way in the same day the vendor was on site for a purple team exercise.
-
@Viss @nyanbinary this remind me of the old days when I tricked a Next Gent AV into code execution in very simple way in the same day the vendor was on site for a purple team exercise.
@sassdawe @nyanbinary i got arcticfox to run meterpreter for me once
-
@Viss @nyanbinary I mean, it's not wrong...
@catsalad @nyanbinary true
-
J jwcph@helvede.net shared this topic
"... Yip!
