A spoof antivirus makes Windows Defender disable security scans




This wasn’t a simple feat, as Windows has checks to make sure the antivirus is real, involving registry names and signed binaries. The researcher used tools like dnSpy, Process Monitor, and manual inspection to see how legitimate antivirus tools behaved when registering with WSC.

“From my last year’s courtesy, I knew that WSC was in some way validating the process that calls these APIs, my guess was that they’re validating the signatures, which was certainly an accurate guess,” es3n1n added.

es3n1n’s earlier project, no-defender, was removed from GitHub following a DMCA takedown request by the software vendor.
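
Because Defender steps aside once another antivirus is registered with WSC, a defender can audit which products are registered and whether the binaries they point to are validly signed. The following is an added example, not code from the article or from es3n1n's tools; it assumes a Windows client with the Defender PowerShell module, and the `$expected` allow-list is a hypothetical value to adjust per environment.

```powershell
# Added audit sketch: list antivirus products registered with Windows Security
# Center (WSC), check the Authenticode signature of each registered binary,
# and show Defender's current running mode.
# root/SecurityCenter2 exists on client editions of Windows, not on Server.

# Assumption: display names you expect to see; adjust for your fleet.
$expected = @('Windows Defender')

$products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct'

$report = foreach ($p in $products) {
    # Registered paths may contain environment variables; Defender itself
    # reports a windowsdefender:// URI instead of a file path.
    $path = [Environment]::ExpandEnvironmentVariables([string]$p.pathToSignedProductExe)
    $sigStatus = 'n/a (not a file path)'
    $signer = $null

    if ($path -notmatch '^\w+://') {
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $sigStatus = [string]$sig.Status          # e.g. Valid, NotSigned, HashMismatch
            $signer = $sig.SignerCertificate.Subject  # $null when unsigned
        } else {
            $sigStatus = 'file missing'
        }
    }

    [pscustomobject]@{
        DisplayName  = $p.displayName
        InstanceGuid = $p.instanceGuid
        ProductState = '0x{0:X6}' -f [int]$p.productState  # raw value, undocumented bitmask
        Path         = $path
        Signature    = $sigStatus
        Signer       = $signer
        Unexpected   = $p.displayName -notin $expected
    }
}

$report | Format-List

# Defender reports whether it is active or has dropped to passive mode.
try {
    Get-MpComputerStatus -ErrorAction Stop |
        Select-Object AMRunningMode, AntivirusEnabled, RealTimeProtectionEnabled
} catch {
    Write-Warning "Could not query Defender status: $($_.Exception.Message)"
}
```

An entry marked `Unexpected` whose signature is valid but belongs to a vendor you do not deploy, together with Defender no longer actively scanning, is the combination worth investigating.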