ericlaw

Exploiting Vulnerable Drivers

Often, attackers will attempt to prevent security software from interfering with their attack chains by abusing a vulnerable driver to kill or otherwise disable the system’s security software (antivirus/edr/etc). Because drivers run in highly-privileged OS Kernel mode, it is difficult to prevent attackers from achieving their goals if they manage to achieve code execution inContinue reading “Exploiting Vulnerable Drivers”

Smart App Control

Users of modern versions of Windows 11 have a powerful security feature for keeping their devices secure, known as Smart App Control. I’ve talked about this feature a few times over the last year, but in April 2026, a powerful improvement landed. Previously, Smart App Control could not be turned back on if you everContinue reading “Smart App Control”

Attack Techniques: RMM Abuse

After you sign up on the Social Security Administration’s website, they’ll send you a yearly email inviting you to check out your benefits. Flipping through my Junk Mail folder this afternoon, I found the following email: It looks reasonably plausible, except for the return address (cuonlineedu.in, a university in India). I’m always game to lookContinue reading “Attack Techniques: RMM Abuse”

Understanding Defender AV Scans

Microsoft Defender Antivirus Defender is intended to operate silently in the background, without requiring any active attention from the user. Because Defender is included for free as a component of Windows, it doesn’t need to nag or otherwise bother the user for attention in an attempt to “prove its value”, unlike some antivirus products thatContinue reading “Understanding Defender AV Scans”

Windows: Choose Where To Get Apps

Modern versions of Windows offer a setting named “Choose where to get apps” which can reduce attack surface by limiting the locations from which applications can be installed. Internally, we’ve called this feature “Smart Install”. By default, this option is set to “Anywhere“, which means that Windows will allow an executable downloaded from the InternetContinue reading “Windows: Choose Where To Get Apps”