Can anybody name a single security product that scans VHD or VHDX contents? Given that Windows doesn't apply the Mark of the Web (MOTW) to VHD(X) contents, and Win10 can open them with a double-click, this seems like an excellent vehicle for deploying evil.
I've written a blog post to elaborate on the concept of VHD and VHDX files being dangerous: https://insights.sei.cmu.edu/cert/2019/09/the-dangers-of-vhd-and-vhdx-files.html
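As an added defender's check (not part of this thread and not taken from the linked blog post), the PowerShell below mounts a downloaded VHD/VHDX read-only and reports whether the container and each file inside it carry a Zone.Identifier stream, i.e. whether MOTW reached the contents. The path is a placeholder, and it assumes the Storage module cmdlets (Mount-DiskImage, Get-Disk, Get-Partition, Get-Volume) available on Windows 10.

```powershell
# Added example: compare MOTW on a downloaded VHD/VHDX container with MOTW on the files inside it.
param([string]$VhdPath = "$env:USERPROFILE\Downloads\sample.vhdx")  # placeholder path

function Get-MotwZone {
    # Returns the ZoneId from the Zone.Identifier alternate data stream, or $null if absent.
    param([string]$Path)
    try {
        $ads = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction Stop
    } catch {
        return $null   # no Zone.Identifier stream means no Mark of the Web
    }
    foreach ($line in $ads) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Format-Zone($zone) {
    if ($null -eq $zone) { 'no MOTW' } else { "ZoneId $zone" }
}

# 1. The container: a browser download normally gets ZoneId=3 (Internet).
"Container {0} -> {1}" -f $VhdPath, (Format-Zone (Get-MotwZone $VhdPath))

# 2. Mount read-only, enumerate every file on the mounted volume(s), check each one.
Mount-DiskImage -ImagePath $VhdPath -Access ReadOnly | Out-Null
try {
    $letters = Get-DiskImage -ImagePath $VhdPath | Get-Disk | Get-Partition | Get-Volume |
               Select-Object -ExpandProperty DriveLetter | Where-Object { $_ }
    foreach ($l in $letters) {
        Get-ChildItem "${l}:\" -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
            "{0} -> {1}" -f $_.FullName, (Format-Zone (Get-MotwZone $_.FullName))
        }
    }
} finally {
    Dismount-DiskImage -ImagePath $VhdPath | Out-Null
}
```

Expect the container line to show a ZoneId while every inner file shows "no MOTW", which is exactly the gap the thread describes; an EDR or mail gateway that only keys on the outer file's zone will miss the contents.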
Nice testset of filetypes you have there! Some time ago I was trying to map different attack vectors: https://uperesia.com/malicious-dropper-as-an-attack-vector . Any chance you are willing to share that test zip file? Seems to have some filetypes I've overlooked :-)
MS is apparently targeting the introduction of some MOTW protection-related improvements to Windows desktop in the very near future (brought over from Win 10 S), apparently to be discussed at Ignite. Don't suppose the VHD vector might be one of those things to be addressed, @dwizzzleMSFT?
Last I checked/used it, these make for nice ways to skirt around the Office OLE file block list as well.