Sedating the Watchdog: Abusing Security Products to Bypass Windows Protections - Tomer Bitton, Udi Yavo BSides San Francisco 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Sedating the Watchdog: Abusing Security Products to Bypass Windows Protections
Tomer Bitton, Udi Yavo
BSides San Francisco 2016

A few months ago, we came across a critical vulnerability in a popular security product that could act as a vehicle for a threat actor to bypass the protections of the underlying Windows system. This was only the tip of the iceberg. Deeper research revealed this issue to be present in a multitude of common Anti-Virus (AV) products. This was not something to ignore. In fact, we can assume that apart from AV products, other security products such as Data Loss Prevention (DLP) and other intrusive non-security related products such as app-performance solutions may potentially rely on this malpractice.

Making matters worse, we found a second malpractice in intrusive products which simplifies the process for threat actors to run their exploits.

During the following few months we notified popular vendors and collaborated with them on a solution. In a coordinated effort, various vendors have fixed their products and released the necessary patches. In this talk we reveal a detailed description of the vulnerability and its impact. Additionally, we release a tool that the audience can use to validate whether their systems are now secure from this vulnerability.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast