Hello Hackers!
This last month of 2024, we are joined by @Bajiri, who will be presenting their talk “Bypassing EDR Constraints via WSL 2”:
Windows Subsystem for Linux version 2 can be utilized to bypass logging and detection, as well as network containment functions, of a major EDR vendor. This bypass is incredibly simple to execute, and several rounds of escalating tests show that this flaw in monitoring is easily exploited to execute malware on the host device undetected. When contacted about this issue, the vendor said they don’t support WSL2 or have any plans to fix their broken network containment /shrug
I am a SOC analyst, but I spend most of my time brain rotting in front of a computer and getting paid for it. I really like writing and researching malware too! Any time I am not doing cyber things, I’m usually playing FFXIV or other MMOs.
Meeting will be on Discord. If you need an invite, look no further.
Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.
— TactiFail