Defender-Pretender - When Windows Defender Updates Become a Security Risk

Explore a critical security vulnerability in Windows Defender and Microsoft 365 Defender through this 39-minute Black Hat conference talk. Dive deep into the Windows Defender architecture, signature database format, and update process, with a focus on security verification logic. Discover how adversaries can exploit a powerful 0day vulnerability to compromise Windows agents and servers worldwide. Learn about the potential risks to enterprise machines using Microsoft 365 Defender. Presented by Omer Attias and Tomer Bar, this eye-opening session reveals the unexpected security implications of Windows Defender updates and provides valuable insights for cybersecurity professionals and IT administrators.

Defender-Pretender: When Windows Defender Updates Become a Security Risk