Tagged articles

Windows Defender

5 articles · Page 1 of 1
Black & White Path
Jun 13, 2026 · Information Security

GreatXML Attack Shows BitLocker Encryption Can Be Bypassed with Physical Access

GreatXML, a new BitLocker bypass disclosed by researcher Nightmare Eclipse, exploits Windows Defender’s offline scan to gain unrestricted access to encrypted volumes via the recovery partition. It requires only physical access or write rights, and it undermines the assumed security of BitLocker‑TPM protection.

BitLocker · GreatXML · Physical Access Attack
0 likes · 6 min read
Black & White Path
Apr 19, 2026 · Information Security

Why Security Researchers Deserve Respect: Lessons from the 2026 Windows Defender Zero‑Day Fallout

In April 2026 a trio of Windows Defender zero‑day bugs—BlueHammer, RedSun and UnDefend—were publicly disclosed after Microsoft’s Security Response Center repeatedly ignored the researcher’s reports, sparking a debate over responsible disclosure, corporate trust, and the urgent need to respect security professionals.

BlueHammer · Microsoft · Security Research
0 likes · 6 min read
Black & White Path
Apr 17, 2026 · Information Security

RedSun PoC Uses Windows Defender Tag to Overwrite Files and Escalate Privileges

The RedSun proof‑of‑concept demonstrates that when Windows Defender detects a malicious file marked with a cloud‑based detection tag, it may rewrite the file to its original location instead of isolating it, allowing an attacker to replace system files and obtain administrator privileges.

Local Privilege Escalation · RedSun · Security Research
0 likes · 1 min read
IT Services Circle
Mar 13, 2022 · Information Security

Enabling Microsoft MAPS Advanced Protection in Windows Defender

This article explains why Windows Defender is generally sufficient, how security professionals can unlock the hidden Microsoft Advanced Protection Service (MAPS) via Group Policy or PowerShell, and provides additional configuration tips for ransomware protection, signature updates, and cloud‑based blocking.

Malware Protection · Windows Defender · group-policy
0 likes · 6 min read