Fuzzing the Shield: CVE-2022-24548
2022.12.13

✅ Report Title: Fuzzing the Shield: CVE-2022-24548

✅ Executive Summary:

In this post, our researchers (Daejin Lee, Seunghoe Kim, Donguk Kim, Eugene Jang) analyze Windows Defender and the root cause of the bug they found through fuzz testing.

Introduction

Antiviruses act as a last layer of mitigation for regular users and a challenge for attackers. They can provide cloud-, emulator-, and signature-based mitigation systems for malware detection. To bypass such detection mechanisms, attackers can apply various heuristic tricks such as binary packing and custom obfuscation. However, these tricks are limited in that they provide only a temporary bypass or are OS-dependent. A more potent threat is to bypass the antivirus itself by using a vulnerability in the antivirus software. To mitigate and remediate these cases, such vulnerabilities should be fixed before they are weaponized. So, we decided to venture into one of the most widely used antiviruses: Windows Defender.


👉 You can read the full report on the S2W Blog: https://bit.ly/3hniUTc

