@theodric @phloggen Fantastic advice. I also noted that files larger than 2GB are exempt from scanning?!?

Thanks. I’ll just add 2GB of randomness before my payload, then…

Checkmark security (or compliance for some) at its best. 👍

@kr3st3n @theodric @phloggen yeah but it also says “Ensure that the size of the password-protected zip files does not exceed the 2 GB limit to avoid unnecessary consumption of the scanning quota.”??

@kr3st3n @theodric @phloggen this is an actual technique that works against many commercial AV and EDR solutions

@kr3st3n @theodric @phloggen a related one is to generate a bunch of very large benign archives to flood the scan queue before it picks up your payload, giving it time to execute before the system flags it.