CYBER MONGOL
2/4/2021

New UAC bypass: Microsoft Defender for Endpoint (Defender ATP in BlockMode) Wrongly Classifies the Threat as Blocked

Sensors ingested a new UAC bypass that leverages the AutoElevate attribute of a Microsoft-signed binary, ComputerDefaults.exe. We tested the bypass against Microsoft Defender for Endpoint in BlockMode, and the product was ineffective against it. More worrisome, the EDR reported that the threat had been “Blocked”, which was inaccurate: the binary (the UAC bypass) remained on disk, and we were able to execute the exact same binary multiple times afterwards. This goes to show that technology still can’t take the place of the trained humans required for post-investigation response.

UAC Bypass: 0xyg3n/UAC_Exploit: Escalate as Administrator bypassing the UAC affecting administrator accounts only. (github.com)
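The practical lesson of the post is that a “Blocked” verdict has to be verified against what actually happened on the host afterwards. The following is an added example (not Cyber Mongol's code and not any EDR vendor's API): it reconciles alert verdicts with later process-creation telemetry and a file inventory for the same host and hash, and flags verdicts the evidence contradicts. The alert and event records, the field names, the host names and the hash are all constructed placeholders.

```python
"""Reconcile terminal EDR verdicts ("Blocked", "Quarantined", ...) against
what the host telemetry shows afterwards.

Added example. Record layouts below are assumptions for illustration, not a
vendor schema; the sample data is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Verdicts that claim the file was stopped and should not run again.
TERMINAL_VERDICTS = {"Blocked", "Quarantined", "Remediated"}


@dataclass(frozen=True)
class Alert:
    ts: datetime
    host: str
    sha256: str
    path: str
    verdict: str  # e.g. "Blocked", "Detected"


@dataclass(frozen=True)
class ProcessEvent:
    ts: datetime
    host: str
    sha256: str
    path: str
    pid: int


def audit_terminal_verdicts(
    alerts: List[Alert],
    events: List[ProcessEvent],
    present_files: Set[Tuple[str, str]],
    window: timedelta = timedelta(hours=24),
) -> Dict[Alert, dict]:
    """For every alert with a terminal verdict, collect evidence contradicting it:
    executions of the same hash on the same host after the verdict (within
    `window`), and whether the file is still on disk per `present_files`,
    a set of (host, lowercased path) pairs from a file inventory."""
    findings: Dict[Alert, dict] = {}
    for a in alerts:
        if a.verdict not in TERMINAL_VERDICTS:
            continue  # "Detected"-style verdicts make no blocking claim
        later = sorted(
            (e for e in events
             if e.host == a.host and e.sha256 == a.sha256
             and a.ts < e.ts <= a.ts + window),
            key=lambda e: e.ts,
        )
        on_disk = (a.host, a.path.lower()) in present_files
        if later or on_disk:
            findings[a] = {"executions": later, "on_disk": on_disk}
    return findings


# ---- constructed sample data (placeholders, not real IoCs) ----
T0 = datetime(2021, 2, 4, 9, 0, 0)
FAKE_HASH = "0" * 64
PATH = r"C:\Users\lab\Downloads\sample.exe"

SAMPLE_ALERTS = [
    Alert(T0, "WS-01", FAKE_HASH, PATH, "Blocked"),   # claims it was stopped
    Alert(T0, "WS-02", FAKE_HASH, PATH, "Detected"),  # no blocking claim
]
SAMPLE_EVENTS = [
    ProcessEvent(T0 - timedelta(minutes=1), "WS-01", FAKE_HASH, PATH, 3900),  # before verdict
    ProcessEvent(T0 + timedelta(minutes=5), "WS-01", FAKE_HASH, PATH, 4120),  # after "Blocked"
    ProcessEvent(T0 + timedelta(minutes=17), "WS-01", FAKE_HASH, PATH, 4388), # after "Blocked"
    ProcessEvent(T0 + timedelta(minutes=5), "WS-02", FAKE_HASH, PATH, 2210),  # other host
]
SAMPLE_PRESENT = {("WS-01", PATH.lower())}  # inventory still shows the file


if __name__ == "__main__":
    for alert, evidence in audit_terminal_verdicts(
        SAMPLE_ALERTS, SAMPLE_EVENTS, SAMPLE_PRESENT
    ).items():
        pids = [e.pid for e in evidence["executions"]]
        print(f"{alert.host}: verdict '{alert.verdict}' contradicted; "
              f"ran again as pids {pids}; still on disk: {evidence['on_disk']}")
```

Run over the constructed data, the WS-01 “Blocked” alert is the only finding: the same hash ran twice after the verdict and the file is still in the inventory, which is exactly the discrepancy the post describes. The WS-02 “Detected” alert is not flagged because it never claimed to stop anything. In a real pipeline the alerts, process events and file inventory would come from the EDR export, Sysmon or equivalent process telemetry, and an endpoint file scan respectively.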

#cyberthreatintelligence #infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam
