þēodrīċ, norþes ecghlāfordApr 22
Look at this fantastic piece of advice from Microsoft! https://learn.microsoft.com/en-au/answers/questions/2007466/are-costs-incurred-when-attempting-to-scan-passwor
Show threadKR3ST3N 🌻Apr 22

@theodric @phloggen Fantastic advice. I also noted that files larger than 2GB are exempt from scanning?!?

Thanks. I’ll just add 2GB of randomness before my payload, then…

Checkmark security (or compliance for some) at its best. 👍

Show threadHazelnootApr 23
@kr3st3n @theodric @phloggen this is an actual technique that works against many commercial AV and EDR solutions
Show threadHazelnoot
@kr3st3n @theodric @phloggen a related one is to generate a bunch of very large benign archives to flood the scan queue before it picks up your payload, giving it time to execute before the system flags it.
Apr 23 at 2:27pmWeb