Is Windows 11 safe? Bypassing Windows Defender

It appears that Windows Defender on Windows 11 can be bypassed, allowing some software to escape the sandbox and gain access to the operating system.

@an0n_r0 describes the security gap with very little information, but what he shares allows various conclusions to be drawn.

The researcher chose Windows 11 to test the security of Windows Defender. His goal was to escape the sandbox, which is supposed to isolate malicious code. So he wrote an encrypted shell that sends the malicious code to memory.

The whole thing can be activated remotely. The screenshots in his tweet show that all the steps of the attack worked and that the shellcode was able to retrieve data from Windows and display it in a window.

The security researcher did not provide further details on how he accomplished these steps, but said he was "working with Meterpreter."

Meterpreter is a payload for attacks through Metasploit. It provides an interactive shell through which an attacker can explore the target computer and run code.

Meterpreter works using in-memory DLL injection: the malicious code is loaded entirely into memory. It does not write anything to the hard disk, nor does it create new processes, so the footprint of such an attack is very limited.
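
A payload that never touches the disk still has to live in executable process memory, and that is where defenders look for it. The following Python triage function is an added example, not code from the article or the researcher: it applies the common heuristic that a normally loaded DLL appears as file-backed image memory, while an injected one sits in private executable memory. It assumes region records were already collected with the state, protection and type values that the Windows `VirtualQueryEx` call reports; the `Region`, `score` and `triage` names and the sample data are constructed for illustration.

```python
from dataclasses import dataclass

# Values from winnt.h, as returned in MEMORY_BASIC_INFORMATION by VirtualQueryEx.
MEM_COMMIT, MEM_PRIVATE, MEM_IMAGE = 0x1000, 0x20000, 0x1000000
PAGE_READWRITE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE = 0x04, 0x20, 0x40
EXEC_MASK = 0xF0  # PAGE_EXECUTE | _READ | _READWRITE | _WRITECOPY


@dataclass
class Region:  # hypothetical record type for this example
    pid: int
    base: int
    size: int
    state: int
    protect: int
    mem_type: int
    head: bytes  # first bytes read from the region


def score(region: Region) -> int:
    """0 = unremarkable, 1 = private executable, 2 = also RWX or starts with a PE header."""
    if region.state != MEM_COMMIT or region.mem_type != MEM_PRIVATE:
        return 0  # DLLs loaded from disk show up as MEM_IMAGE, not MEM_PRIVATE
    if not region.protect & EXEC_MASK:
        return 0
    # JIT runtimes also allocate private executable pages, so a 1 is only a lead.
    rwx = (region.protect & 0xFF) == PAGE_EXECUTE_READWRITE
    pe_header = region.head[:2] == b"MZ"
    return 2 if (rwx or pe_header) else 1


def triage(regions):
    """Return (pid, base, score) for every flagged region, highest score first."""
    hits = [(r.pid, r.base, score(r)) for r in regions if score(r) > 0]
    return sorted(hits, key=lambda h: -h[2])


# Constructed sample data, not taken from a real system.
SAMPLE = [
    Region(4120, 0x7FFA10000000, 0x1F000, MEM_COMMIT, PAGE_EXECUTE_READ, MEM_IMAGE, b"MZ\x90\x00"),
    Region(4120, 0x1D0000, 0x2000, MEM_COMMIT, PAGE_READWRITE, MEM_PRIVATE, b"\x00\x00\x00\x00"),
    Region(4120, 0x2A40000, 0x32000, MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE, b"MZ\x90\x00"),
    Region(5388, 0x3B10000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READ, MEM_PRIVATE, b"\x48\x89\x5c\x24"),
]

if __name__ == "__main__":
    for pid, base, level in triage(SAMPLE):
        print(f"pid={pid} base={base:#x} score={level}")
```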

Written by giorgos
