...In this talk we will present our journey starting with a deep dive into Windows Defender architecture, the signature database format and the signature update process, focusing on the security verification logic. We will present how an adversary can totally own any Windows agent and server in the world by exploiting a powerful 0day vulnerability that even we didn't expect to discover. Enterprise machines are also at risk since the vulnerability affects Microsoft 365 Defender as well....
By: Omer Attias , Tomer Bar
Full Abstract and Presentation Materials: www.blackhat.c...