Abusing Windows Container Isolation Framework to avoid detection by security products
Security Affairs
AUGUST 31, 2023
“Because we can override files using the IO_REPARSE_TAG_WCI_1 reparse tag without the detection of antivirus drivers, their detection algorithm will not receive the whole picture and thus will not trigger.”

“Scan files with the tag in the PRE_CLEANUP function even if they were not altered,” continues the report.
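The report's mitigation advice is aimed at minifilter authors (rescan tagged files on PRE_CLEANUP). A user-mode complement, useful for incident responders who want to inventory which files on a host currently carry a Windows Container Isolation (WCI) reparse tag so they can be handed to a scanner regardless of whether they were recently modified, is shown below. This is an added example written for this page, not code from Security Affairs or from the report it quotes. It assumes the tag values published in the Windows SDK headers (IO_REPARSE_TAG_WCI = 0x80000018, IO_REPARSE_TAG_WCI_1 = 0x90001018) and Python's `st_reparse_tag` stat field, which only exists on Windows; the `tag_of` parameter and the `demo_scan` helper with its constructed tag map are assumptions added so the sweep can be exercised on any platform.

```python
import os
import tempfile
from typing import Callable, Dict, List, Tuple

# Reparse tag values as defined in the Windows SDK headers (ntifs.h / winnt.h).
IO_REPARSE_TAG_WCI = 0x80000018     # Windows Container Isolation
IO_REPARSE_TAG_WCI_1 = 0x90001018   # WCI variant named in the report
WCI_TAGS = {IO_REPARSE_TAG_WCI, IO_REPARSE_TAG_WCI_1}


def reparse_tag_of(path: str) -> int:
    """Return the reparse tag of a file, or 0 if it has none.

    Python exposes st_reparse_tag on Windows (3.8+); on other platforms the
    attribute is absent, so the file is treated as untagged.
    """
    st = os.lstat(path)
    return getattr(st, "st_reparse_tag", 0)


def is_wci_tag(tag: int) -> bool:
    """True when a reparse tag belongs to the Windows Container Isolation family."""
    return tag in WCI_TAGS


def find_wci_files(root: str,
                   tag_of: Callable[[str], int] = reparse_tag_of) -> List[Tuple[str, int]]:
    """Walk `root` and return (path, tag) for every file carrying a WCI reparse tag.

    The file's modification time is deliberately ignored: the point of the
    report's mitigation is that a WCI-tagged file must be scanned even when it
    does not look altered, because the visible content is served through the
    reparse point rather than from the on-disk data a scanner may have cached.
    `tag_of` is injectable (an assumption of this example) so the sweep can be
    driven by a real lstat on Windows or by a precomputed map elsewhere.
    """
    hits: List[Tuple[str, int]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                tag = tag_of(path)
            except OSError:
                continue  # unreadable entry: skip rather than abort the sweep
            if is_wci_tag(tag):
                hits.append((path, tag))
    return sorted(hits)


def demo_scan() -> List[str]:
    """Constructed demonstration: a temporary tree with a fake tag map.

    Three ordinary files are created; the constructed map pretends that two of
    them carry WCI tags. Returns the base names the sweep flags, sorted.
    """
    with tempfile.TemporaryDirectory() as root:
        fake_tags: Dict[str, int] = {}
        for name, tag in (("app.exe", IO_REPARSE_TAG_WCI_1),
                          ("notes.txt", 0),
                          ("helper.dll", IO_REPARSE_TAG_WCI)):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample content")
            fake_tags[path] = tag
        hits = find_wci_files(root, tag_of=lambda p: fake_tags.get(p, 0))
        return sorted(os.path.basename(p) for p, _tag in hits)


if __name__ == "__main__":
    # On a real Windows host, run find_wci_files(r"C:\") with the default tag_of
    # and feed the resulting paths to an on-demand scan.
    print(demo_scan())
```

On Windows the default `reparse_tag_of` reads the tag straight from `os.lstat`, so `find_wci_files` can be pointed at a drive root; the returned list is the set of files a scanner should rescan irrespective of timestamps, which is the user-mode analogue of the report's advice to scan tagged files in PRE_CLEANUP even when they were not altered.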