We host the application redsun so that it can be run in our online workstations, either under Wine or directly.


Quick description of redsun:

RedSun is a proof-of-concept security project that demonstrates a privilege escalation vulnerability in Microsoft Defender by exploiting unintended file-handling behavior. The tool relies on how Defender processes files tagged with cloud metadata: instead of removing a detected malicious file, the antivirus may write it back to its original location. By steering that write-back, the proof of concept overwrites protected system files and escalates from a low-privilege account to SYSTEM. The repository provides a minimal C++ implementation that reproduces this behavior for research and educational purposes. It illustrates flaws in endpoint protection logic and shows how race conditions and file system interactions can be abused. The project is not a full framework but a focused demonstration of a single real-world vulnerability, and a clear example of how a defensive component can be turned into an attack vector.

Features:
  • Proof-of-concept privilege escalation exploit
  • Abuse of Microsoft Defender file rewrite behavior
  • Demonstration of SYSTEM-level access escalation
  • Use of cloud file metadata handling flaws
  • Lightweight C++ implementation
  • Focus on vulnerability research and education


Programming Language: C++.
Categories:
Libraries

©2024. Winfy. All Rights Reserved.

By OD Group OU – Registry code: 1609791 -VAT number: EE102345621.