Hello Hackers!
This last month of 2024 we are joined by @Bajiri
who will be presenting their talk “Bypassing EDR Constraints via
WSL 2”:
> Windows Subsystem for Linux version 2
can be utilized to bypass the logging and detection, as well as
the network containment functions, of a major EDR vendor. This
bypass is incredibly simple to execute, and several rounds of
escalating tests show that this flaw in monitoring is easily
exploited to execute malware on the host device undetected. When
contacted about this issue, the vendor said they don’t support
WSL2 and have no plans to fix their broken network containment
/shrug
> I am a SOC analyst, but I spend most of my time brain
rotting in front of a computer and getting paid for it. I really
like writing and researching malware too! Any time I am not
doing cyber things, I’m usually playing FFXIV or other MMOs.
Meeting will be on Discord. If you need an invite, look no
further: https://discord.gg/HYzJcfVGjH
Talk starts at 6:12 PM U.S. Central, but feel free to hop in early
and chat.
— TactiFail
https://dc612.org/index.php/2024/12/10/thursday-december-12th-612pm-discord/