Can anybody name a single security product that scans VHD or VHDX contents? Given that Windows doesn't apply the Mark of the Web (MOTW) to VHD(X) contents, and Win10 can open them with a double-click, this seems like an excellent vehicle for deploying evil.
-
To answer my own question: ZERO antivirus products on VirusTotal detect the EICAR file contained within a VHD file. So no, I don't think anything is scanning VHD or VHDX contents. https://insights.sei.cmu.edu/cert/2019/09/the-dangers-of-vhd-and-vhdx-files.html pic.twitter.com/M2rbfuFNKh
-
Replying to @wdormann @MisterCh0c
Can I get a copy of that file? I wanna test some mail filters.
-
This Tweet is unavailable.
-
Replying to @MisterCh0c @wdormann
I'm using vboxmanage convertfromraw and will do some experiments.
-
But the image needs NTFS or FAT, right?
-
You need to test a real-world example, I think. NTFS as file system.
-
The VHD(X) container can contain any filesystem that Windows can grok.
-
So basically... 2 of them.
-
I don't know about that. I'd say that you have your choice of FAT, FAT32, exFAT, NTFS, UDF, or ReFS. pic.twitter.com/bJnwKDn6Y5
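For the mail-filter testing discussed in this thread, one way to flag VHD and VHDX attachments by content rather than by file extension, so the container itself can be quarantined when nothing scans inside it. This is an added example, not part of the original thread; the function names and the sample attachments are constructed for illustration.

```python
import struct

VHD_COOKIE = b"conectix"      # opens the VHD footer (and its copy at offset 0)
VHDX_SIGNATURE = b"vhdxfile"  # opens the VHDX file type identifier at offset 0
VHD_DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}


def _vhd_kind(footer: bytes) -> str:
    # Disk type is a big-endian uint32 at offset 60 of the footer.
    if len(footer) < 64:
        return "vhd-unknown"
    (disk_type,) = struct.unpack(">I", footer[60:64])
    return "vhd-" + VHD_DISK_TYPES.get(disk_type, "unknown")


def classify_disk_image(data: bytes):
    """Return 'vhdx', 'vhd-<type>' or None for an attachment's raw bytes."""
    if data[:8] == VHDX_SIGNATURE:
        return "vhdx"
    # Dynamic and differencing VHDs keep a copy of the footer at offset 0.
    if data[:8] == VHD_COOKIE:
        return _vhd_kind(data[:512])
    # A fixed VHD is raw disk data with the footer as the last 512 bytes
    # (511 bytes in images written by tools older than Virtual PC 2004).
    for size in (512, 511):
        if len(data) >= size and data[-size:][:8] == VHD_COOKIE:
            return _vhd_kind(data[-size:])
    return None


def make_sample_footer(disk_type: int) -> bytes:
    # Constructed test input: cookie and disk type only, other fields zeroed,
    # so this is enough for classification but not a mountable image.
    return VHD_COOKIE + bytes(52) + struct.pack(">I", disk_type) + bytes(448)


# Constructed samples standing in for mail attachments (names are made up).
SAMPLES = {
    "invoice.vhd": bytes(4096) + make_sample_footer(2),
    "report.pdf": make_sample_footer(3) + bytes(4096) + make_sample_footer(3),
    "update.img": VHDX_SIGNATURE + bytes(4096),
    "notes.txt": b"plain text, not a disk image\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {classify_disk_image(blob)}")
```

A fixed VHD carries its only marker at the end of the file, so a filter that inspects just the leading bytes of an attachment will not see it.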