Can anybody name a single security product that scans VHD or VHDX contents? Given that Windows doesn't apply the Mark of the Web (MOTW) to VHD(X) contents, and Win10 can open them with a double-click, this seems like an excellent vehicle for deploying evil.
Replying to @wdormann
Maybe you can script something up via forensic tools like Volatility?
Replying to @R3nd3r1
Perhaps. But my main goal is to get an understanding of whether or not any enterprise product in the wild has visibility into VHD or VHDX contents before it gets to an endpoint. My hunch is NO.