Black & White Path
Apr 17, 2026 · Information Security
RedSun PoC Uses Windows Defender Tag to Overwrite Files and Escalate Privileges
The RedSun proof‑of‑concept demonstrates that when Windows Defender detects a malicious file marked with a cloud‑based detection tag, it may rewrite the file to its original location instead of isolating it, allowing an attacker to replace system files and obtain administrator privileges.
Local Privilege Escalation · RedSun · Windows Defender
