Is Windows 11 safe? Windows Defender bypass


It appears that Windows Defender on Windows 11 can be bypassed, allowing malware to escape the sandbox and gain access to the operating system.

Security researcher @an0n_r0 describes the security gap with very little detail, but what he shared allows various conclusions to be drawn.

The researcher chose Windows 11 to test the security of Windows Defender. His goal was to escape the sandbox, which is supposed to isolate malicious code. To do so, he wrote an encrypted shell that loads the malicious code into memory.

The whole process can be triggered remotely. In his tweet, the screenshots show that all the steps of the attack worked and that the shellcode was able to retrieve data from Windows and display it in a window.

The security researcher did not provide further details on how he accomplished these steps, but said he was "working with Meterpreter."

Meterpreter is a payload used in attacks through Metasploit. It provides an interactive shell through which an attacker can explore the target computer and run code.

Meterpreter works through in-memory DLL injection, and the malicious code is loaded entirely into memory. It writes nothing to the hard disk and creates no new processes, so the footprint of such an attack is very limited.
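Because nothing lands on disk and no new process appears, defenders look at process memory instead. The following is an added example, not code from the researcher or from Metasploit: a triage heuristic over memory-region records, assuming they were already collected (for example with `VirtualQueryEx`). The `Region` type, function names and sample data are constructed for illustration.

```python
from dataclasses import dataclass

# Values from winnt.h, as reported by VirtualQueryEx in MEMORY_BASIC_INFORMATION.
MEM_COMMIT, MEM_PRIVATE, MEM_IMAGE = 0x1000, 0x20000, 0x1000000
PAGE_READWRITE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE = 0x04, 0x20, 0x40
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80  # every PAGE_EXECUTE* protection

@dataclass
class Region:  # hypothetical record type for one memory region
    pid: int
    base: int
    state: int
    protect: int
    type: int
    head: bytes  # first bytes read from the region

def triage(r: Region) -> list[str]:
    """Reasons a region looks like injected code; empty list means nothing to report."""
    if r.state != MEM_COMMIT or not (r.protect & EXEC_MASK) or r.type != MEM_PRIVATE:
        return []  # images loaded from disk are MEM_IMAGE, so they are skipped here
    reasons = ["executable private memory with no backing file"]
    if r.protect & PAGE_EXECUTE_READWRITE:
        reasons.append("writable and executable at once")
    if r.head[:2] == b"MZ":
        reasons.append("PE header outside an image mapping")
    return reasons

def scan(regions):
    """Return (pid, base, reasons) for flagged regions, strongest first."""
    hits = [(r.pid, r.base, triage(r)) for r in regions]
    return sorted((h for h in hits if h[2]), key=lambda h: -len(h[2]))

# Constructed sample data, not taken from a real host.
SAMPLE = [
    Region(4321, 0x7FF600000000, MEM_COMMIT, PAGE_EXECUTE_READ, MEM_IMAGE, b"MZ\x90\x00"),
    Region(4321, 0x1F0000, MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE, b"MZ\x90\x00"),
    Region(4321, 0x300000, MEM_COMMIT, PAGE_READWRITE, MEM_PRIVATE, b"\x00\x00\x00\x00"),
    Region(5000, 0x400000, MEM_COMMIT, PAGE_EXECUTE_READ, MEM_PRIVATE, b"\x48\x89\x5c\x24"),
]

if __name__ == "__main__":
    for pid, base, reasons in scan(SAMPLE):
        print(f"pid={pid} base={base:#x}: " + "; ".join(reasons))
```

Private executable memory on its own also comes from JIT compilers, so the single-reason hit is a lead to review, while a PE header in private executable memory is the stronger signal.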
