LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

A threat actor associated with the LockBit 3.0 ransomware-as-a-service RaaS operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initia...

Microsoft Windows Defender Elevation of Privilege Vulnerability (CVE-2020-1163 & CVE-2020-1170)

The version of Microsoft Windows Defender component MpCmdRun.exe installed on the remote Windows host is prior to 4.18.2005.1. It is, therefore, affected by a elevation of privilege vulnerability which could allow an attacker who successfully exploited this vulnerability to elevate privileges on...

Disable Windows Defender Signatures

This module with appropriate rights let to use the Windows Defender command-line utility a run and automation tool mpcmdrun.exe in order to disable all the signatures available installed for the compromised machine. The tool is prominently used for scheduling scans and updating the signature or...