Invisible ransomware via DefineDosDevice #17

CHEF-KOCH opened this issue Nov 21, 2019 · 0 comments


Background

MS answer

"The technique described is not a security vulnerability and does not satisfy our Security Servicing Criteria. Controlled folder access is a defense-in-depth feature and the reported technique requires elevated permissions on the target machine."

POC page and tool

Paper

Video

https://youtu.be/S2On-R6ecik

Protection

MS refuses to fix it, and Microsoft's Controlled Folder Access (CFA) is only useful as long as no exception is within the protected folder, e.g. /Desktop.

However, a HIPS-based AV (including WD, Comodo's, etc.) should detect it.
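The Protection note above comes down to a configuration question: is CFA actually enforcing, and does any of its "allowed application" exceptions live inside a folder it is supposed to protect? The following PowerShell audit is an added example, not code from this issue or from Microsoft. It assumes a Windows 10/11 host with Microsoft Defender Antivirus and its `Get-MpPreference` cmdlet, and it assumes (as documented for Defender) that CFA protects the user's library folders by default and that `ControlledFolderAccessProtectedFolders` lists only the additional folders. It audits CFA configuration only; it does not detect the DefineDosDevice technique itself, which the issue says bypasses CFA regardless of configuration.

```powershell
# Added audit script (not from the issue author). Assumes Windows 10/11 with
# Microsoft Defender Antivirus and the Defender PowerShell module (Get-MpPreference).
# Answers the question the Protection section raises: is CFA enforcing, and does
# any CFA "allowed application" live inside a protected folder such as Desktop?

function Get-CfaAudit {
    $pref = Get-MpPreference

    # EnableControlledFolderAccess: 0 = disabled, 1 = block, 2 = audit mode (log only)
    $mode = switch ([int]$pref.EnableControlledFolderAccess) {
        0       { 'Disabled' }
        1       { 'Block' }
        2       { 'Audit' }
        default { "Unknown ($($pref.EnableControlledFolderAccess))" }
    }

    # Assumption: the library folders below are protected by default and are NOT
    # returned by ControlledFolderAccessProtectedFolders, which holds additions only.
    $defaultFolders = 'Desktop', 'MyDocuments', 'MyPictures', 'MyVideos', 'MyMusic', 'Favorites' |
        ForEach-Object { [Environment]::GetFolderPath($_) } |
        Where-Object { $_ }
    $protected = @($defaultFolders) + @($pref.ControlledFolderAccessProtectedFolders) |
        Where-Object { $_ } |
        Select-Object -Unique

    # An allowed application whose path sits under a protected folder is the case
    # the issue warns about: whatever can overwrite that file inherits the exception.
    $findings = foreach ($app in @($pref.ControlledFolderAccessAllowedApplications)) {
        if (-not $app) { continue }
        $inside = @($protected | Where-Object {
            $app.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
        })
        [pscustomobject]@{
            AllowedApplication    = $app
            InsideProtectedFolder = ($inside.Count -gt 0)
            Folder                = ($inside -join '; ')
        }
    }

    [pscustomobject]@{
        Mode                = $mode
        ProtectedFolders    = @($protected)
        AllowedApplications = @($findings)
        Risky               = @($findings | Where-Object InsideProtectedFolder)
    }
}

$audit = Get-CfaAudit
"Controlled folder access mode: $($audit.Mode)"
if ($audit.Mode -ne 'Block') {
    "WARNING: CFA is not in block mode; it enforces nothing in this state."
}
"Protected folders:"
$audit.ProtectedFolders | ForEach-Object { "  $_" }
"Allowed applications (CFA exceptions):"
$audit.AllowedApplications | Format-Table -AutoSize
if ($audit.Risky.Count -gt 0) {
    "WARNING: allowed application(s) located inside a protected folder:"
    $audit.Risky | ForEach-Object { "  $($_.AllowedApplication)  ->  $($_.Folder)" }
}
```

Run it in a PowerShell session on the machine being checked; no elevation is needed to read the preferences. A non-empty "Risky" list is the condition the issue describes as defeating CFA, and a mode other than Block means CFA would at most log, never stop, a write to a protected folder.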
