Windows Defender Can’t Defend You Anymore

Windows Defender, the anti-malware software enabled by default on the Windows operating system, can be bypassed using a technique called Illusion Gap. Security researchers at CyberArk published a blog post on Thursday describing this new Windows Defender bypass technique.

(Windows Defender is the default anti-malware program on Windows systems, and many users rely on it heavily.)

The researchers wrote in their report that they encountered strange behaviour in the file-scanning process of Windows Defender.

“Imagine a situation where you double-click a file and Windows loads that file, but your Antivirus scans another file or even scans nothing at all. Sounds weird, right? Depends on who you ask; the folks at Microsoft Security Response Center (MSRC) think there should be a feature request to handle this situation,” said the security researchers at CyberArk in their blog post.


Attack Process


The attacker hosts the file on an SMB server they control and gets the target to execute it. When the target runs the file, Windows requests a copy from the attacker's SMB server for the Windows PE loader (the component that loads the executable into a process), and Windows Defender separately requests its own copy of the file for scanning. Because the two requests arrive separately, the server can tell them apart: when the request comes from Windows Defender, the server either denies it or serves a clean file instead, so the loader runs the malicious file while Defender scans a harmless one or nothing at all.

Here is a pictorial representation of the explanation by CyberArk.


Image credit: CyberArk.

The researchers have not yet tested this technique against other antivirus products.
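The double-fetch behaviour described under Attack Process, modelled as an added example that is not part of CyberArk's write-up or of Windows Defender: a simulated share answers the scanner and the loader differently, a naive flow that scans one fetched copy and runs another passes the file, and a hardened flow that scans exactly the bytes it runs blocks it. The share, the file contents and the hash-based "scanner" are all constructed stand-ins.

```python
import hashlib

# Constructed sample contents, not real files: stand-ins for the harmless copy
# the share serves to the scanner and the copy it serves to the loader.
CLEAN_COPY = b"MZ constructed benign sample"
LOADER_COPY = b"MZ constructed sample the scanner would flag"
# Toy signature database: the scanner flags files by SHA-256.
KNOWN_BAD = {hashlib.sha256(LOADER_COPY).hexdigest()}

class SelectiveShare:
    """Simulated remote share that answers each fetch according to who asks,
    modelling the two behaviours the CyberArk write-up describes:
    'clean' serves the scanner a harmless copy, 'deny' refuses its request."""

    def __init__(self, scanner_policy):
        self.scanner_policy = scanner_policy

    def fetch(self, requester):
        if requester != "scanner":
            return LOADER_COPY
        return CLEAN_COPY if self.scanner_policy == "clean" else None

def scan_ok(data):
    """Return True when the bytes pass the toy signature check."""
    return hashlib.sha256(data).hexdigest() not in KNOWN_BAD

def naive_execute(share):
    """Scanner and loader each fetch their own copy, as in the write-up.
    A denied scanner fetch is treated as 'nothing to scan' and allowed."""
    scanned = share.fetch("scanner")
    if scanned is not None and not scan_ok(scanned):
        return "blocked"
    payload = share.fetch("loader")
    return "ran " + hashlib.sha256(payload).hexdigest()[:8]

def hardened_execute(share):
    """Fetch once, scan those bytes, and run exactly those bytes, so the
    share cannot hand the scanner and the loader different content."""
    payload = share.fetch("loader")
    if not scan_ok(payload):
        return "blocked"
    return "ran " + hashlib.sha256(payload).hexdigest()[:8]

if __name__ == "__main__":
    for policy in ("clean", "deny"):
        print(policy, naive_execute(SelectiveShare(policy)),
              hardened_execute(SelectiveShare(policy)))
```

The defensive takeaway is the same in both policies: a verdict is only meaningful for the exact bytes that will be loaded, which is why copying the file locally and scanning that copy before execution closes the gap.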
