Decrypt LOL


Windows Defender Exploited to Bypass Cybersecurity Measures


🕵️‍♂️ Researchers reveal how Windows Defender can be weaponized against cybersecurity defenses. Jonathan Beierle and Logan Goins have identified a method for adversaries to exploit Microsoft’s Windows Defender Application Control (WDAC) to disable Endpoint Detection and Response (EDR) systems, undermining traditional security measures. Their research outlines a three-phase approach where attackers can deploy malicious WDAC policies to block EDR software, effectively neutralizing security tools. They developed a tool called Krueger to facilitate this process, allowing attackers to remotely disable EDR across networks. The researchers emphasize the difficulty in detecting such attacks and recommend organizations enforce strict WDAC policies and regularly verify configurations to mitigate risks. They caution that while WDAC is a valuable defensive tool, it can also be misused offensively.
