Andy Ful
From Hard_Configurator Tools
Thread author
Content source: https://youtu.be/nqXURPzo5KE
Very surprised that his Behavior Blocker and EDR didn't react...
It's a shame that modern AVs don't come with a "Hacker Repellent" feature.
Now the question is, are there any AVs out there that are immune to this type of attack?
I do not know yet.
Another very interesting test from Mr. Ful, Emsisoft rarely gets tested that I can find.
Now the question is, are there any AVs out there that are immune to this type of attack?
The question should be: is this an OS architecture flaw?
If it is done the way I think it’s done, Microsoft documents this as “troubleshooting”. It may be needed when users are experiencing issues with backup software or opening files. It is not a Windows flaw and alone by itself is not enough to trigger behavioural blocking.
Not from the Windows OS viewpoint.
Real attackers may attempt to modify portions of the executable or to pack it, which by itself can trigger various detections.
Hi Andy,
did the UAC bypass already happen before you clicked "Yes" on the UAC alert? IOW, if you had clicked No instead or cancelled, the bypass already occurred?
But just like a skilled detective can think like a criminal for solving a crime, you can think like one in creating your bypasses
Even I could do it, and I am not a criminal genius.
But just like a skilled detective can think like a criminal for solving a crime, you can think like one in creating your bypasses