Microsoft Defender ASR Bypass using Command Line Tampering

I’ve worked a lot with Microsoft Defender Antivirus, and particularly with the Attack Surface Reduction feature. Having built up some understanding of its inner workings with the help of other online literature on the topic, it occurred to me that some of the previous work I’d performed using command line tampering could prove useful in …

Microsoft Teams and other Electron Apps as LOLbins

While studying AppLocker in recent months, I’ve had the opportunity to delve into the world of Living-off-the-land Binaries (LOLbins), particularly those which are of particular use as Application Whitelisting Bypass tools. Windows LOLbins are catalogued in several places, not least of which is the LOLBAS project (https://github.com/LOLBAS-Project/LOLBAS). This project provides a comprehensive definition of …