RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation
Medium
Bypass
Privilege Escalation
Sysmon, Windows


Developed by Nightmare-Eclipse, the same researcher behind BlueHammer, RedSun is an unpatched local privilege escalation zero-day. It weaponizes Microsoft Defender’s remediation logic through oplocks and junctions, granting SYSTEM privileges by dropping malicious binaries into protected directories.
