Reportar una Violación
Customer Portal
RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation
← Volver a Laboratorios
Medium
Bypass
Privilege Escalation
Windows, Sysmon, EDR

RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation

Desarrollado por Nightmare-Eclipse, el mismo investigador responsable de BlueHammer, RedSun es un exploit de día cero sin parche para la escalada de privilegios a nivel local. Aprovecha la lógica de corrección de Microsoft Defender mediante oplocks y junctions, lo que le permite obtener privilegios de sistema al colocar binarios maliciosos en directorios protegidos.

Download PDF

labs correlati

When Forensics Becomes Offensive: Abuse of FTK Imager in the STAC3725 Tradecraft
Medium
Bypass, Campaign
Defense Evasion
Windows, Sysmon, EDR

When Forensics Becomes Offensive: Abuse of FTK Imager in the STAC3725 Tradecraft

Scopri di più
Learn more
BlueHammer windows Zero-Day
Medium
Bypass
Privilege Escalation
Windows, Sysmon, EDR

BlueHammer windows Zero-Day

Scopri di più
Learn more
Weaponizing Windows Toast Notifications Abuse of ToastNotify.exe for Phishing and Credential Coercion
Medium
Bypass
Defense Evasion
Windows, Sysmon, EDR

Weaponizing Windows Toast Notifications: Abuse of ToastNotify.exe for Phishing and Credential Coercion

Scopri di più
Learn more
1 2 3 5

Contacto

Proteja su negocio

Conózcanos
Sorint.Sec España
A/c Norrsken House Barcelona
Passeig del Mare Nostrum, 15
Ciutat Vella, 08039
Barcelona


+34 691 748976
info@sorintsec.es
Pages
Certificaciones
chevron-right