{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"Bypassing Antivirus: What Defendnot Reveals About the Weak Spots in Windows Security","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/d285fdef\"></iframe>","width":"100%","height":180,"duration":1192,"description":"In this episode, we dissect one of the most advanced Windows security evasion tools released in recent memory: Defendnot. Designed to exploit undocumented Windows Security Center APIs, this tool disables Windows Defender by impersonating a trusted antivirus and injecting its code into Microsoft-signed Task Manager. We explore how Defendnot bypasses Protected Process Light and security signatures, effectively neutering the built-in antivirus on Windows systems. The discussion broadens to cover the common antivirus and EDR detection mechanisms — including static analysis, AMSI, ETW, API hooking, IAT inspection, and behavioral monitoring — and the sophisticated techniques attackers now use to bypass them. From DLL injection and reflective loading to direct/indirect syscalls and anti-sandbox checks, we break down the tools and tactics adversaries use to slip past enterprise defenses. We also discuss the broader implications of tools like Defendnot: how trusted Windows infrastructure is being turned against itself, why these attacks are difficult to mitigate, and what the security community needs to consider moving forward.
Whether you're a red teamer, blue teamer, or somewhere in between, this episode is your technical crash course on how modern endpoint protection is being circumvented — and what that means for defenders.","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}