
Medium
Bypass
Privilege Escalation
Sysmon, Windows
RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation
Developed by Nightmare-Eclipse, the researcher behind BlueHammer, RedSun is an unpatched local privilege escalation zero-day. It weaponizes Microsoft Defender’s remediation logic through oplocks and junctions, gaining SYSTEM privileges by dropping malicious binaries into protected directories.
