Google expert ports Windows Defender to Linux for fuzzing

Google’s security researcher Tavis Ormandy has ported Windows Defender DLLs to Linux with the aid of a new tool released on GitHub. The tool, called loadlibrary, was created for the sole purpose of helping security researchers.

Ormandy ported the Windows DLLs to Linux for vulnerability testing and announced the work on Twitter. The sole purpose of loadlibrary is to let researchers load and run Windows DLLs on Linux under fuzzers, the specialized testing tools that feed a program large volumes of random or mutated input and watch for abnormal behaviour such as crashes, hangs and memory errors.

Ormandy presents the tool as a way to fuzz Windows-based software on Linux. “The intention is to allow scalable and efficient fuzzing of self-contained Windows libraries on Linux. Good candidates might be video codecs, decompression libraries, virus scanners, image decoders, and so on,” he writes.

The tool provides a runtime environment that includes C++ exception dispatch and unwinding, loading additional symbols from IDA, debugging with gdb including breakpoints and stack traces, runtime hooking and patching, and support for ASan and Valgrind to detect subtle memory corruption bugs.
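What a fuzzing run against a native library looks like in practice, as an added example that is not part of the original article and not code from loadlibrary or from Microsoft: the target toy_decode(), its length-check bug and the seed input are constructed for illustration and stand in for the DLL entry point loadlibrary would expose. The harness forks once per test case so memory corruption in the target cannot take the fuzzer down, and treats any exit other than a clean status 0 as abnormal, which covers fatal signals, stack-protector aborts and sanitizer reports alike.

```c
/* Added example: mutational fuzzing of a native decoder with out-of-process
 * crash detection. The target toy_decode(), its bug and the seed are
 * constructed for this illustration; nothing here comes from loadlibrary or
 * from the Microsoft Malware Protection Engine. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define SCRATCH 16

/* Constructed target: a "TI" chunk whose third byte gives a palette length n,
 * followed by the payload. The bug: n is checked against the input length
 * but never against the 16-byte stack buffer it is copied into. */
static __attribute__((noinline)) int toy_decode(const uint8_t *data, size_t len)
{
    uint8_t scratch[SCRATCH];
    unsigned sum = 0;

    if (len < 4 || data[0] != 'T' || data[1] != 'I')
        return -1;                  /* wrong magic: rejected, not a crash */
    size_t n = data[2];
    if (n > len - 4)
        return -1;                  /* bounds check against the input only */
    memcpy(scratch, data + 4, n);   /* stack overflow whenever n > SCRATCH */
    for (size_t i = 0; i < n && i < SCRATCH; i++)
        sum += scratch[i];
    return (int)(sum & 0x7f);
}

/* Run one test case in a forked child so that memory corruption inside the
 * target cannot take the fuzzer down. Returns 1 for an abnormal exit (fatal
 * signal, stack-protector abort, sanitizer report), 0 for a clean exit. */
static int run_case(const uint8_t *data, size_t len)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        volatile int sink = toy_decode(data, len); /* volatile: keep the call */
        (void)sink;
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

struct report {
    unsigned executed;
    unsigned crashes;
    int first_crash_offset;     /* byte position of the first crashing mutation */
    uint8_t first_crash_value;
};

/* Deterministic stage: substitute every byte of the seed with boundary values
 * (the AFL-style "interesting values" idea). Short and reproducible; real
 * campaigns add random "havoc" mutation and coverage feedback on top. */
static void fuzz_campaign(struct report *r)
{
    static const uint8_t interesting[] = { 0x00, 0x01, 0x7f, 0x80, 0xff };
    uint8_t seed[4 + 256];
    uint8_t buf[sizeof seed];

    /* Constructed seed: valid header, palette length 8, 256 bytes of payload. */
    seed[0] = 'T'; seed[1] = 'I'; seed[2] = 8; seed[3] = 0;
    for (size_t i = 4; i < sizeof seed; i++)
        seed[i] = (uint8_t)i;

    memset(r, 0, sizeof *r);
    r->first_crash_offset = -1;

    for (size_t pos = 0; pos < sizeof seed; pos++) {
        for (size_t v = 0; v < sizeof interesting; v++) {
            memcpy(buf, seed, sizeof seed);
            buf[pos] = interesting[v];
            r->executed++;
            if (run_case(buf, sizeof buf) == 1) {
                r->crashes++;
                if (r->first_crash_offset < 0) {
                    r->first_crash_offset = (int)pos;
                    r->first_crash_value = interesting[v];
                }
            }
        }
    }
}

int main(void)
{
    struct report r;
    fuzz_campaign(&r);
    printf("%u cases, %u abnormal exits, first at offset %d (value 0x%02x)\n",
           r.executed, r.crashes, r.first_crash_offset, r.first_crash_value);
    return r.crashes ? 1 : 0;
}
```

Build with `cc -O2 -o fuzz_harness fuzz_harness.c`; the only mutations that crash are the ones that push the palette length past the 16-byte scratch buffer, so the first abnormal exit is reported at offset 2. Adding `-fsanitize=address` is the equivalent of the ASan support mentioned above: the overflow is then reported at the memcpy instead of surfacing later as a corrupted return or a stack-protector abort, which is what makes the subtle cases visible.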

Ormandy ported the Microsoft Malware Protection Engine (MsMpEng), the security service installed by default on Windows 8, 8.1, 10 and Windows Server 2016. Of the MsMpEng package, he ported the mpengine component (mpengine.dll), which is responsible for scanning and analyzing malware.

He is clear that the tool is not intended as a way to run Windows applications on Linux, and that it does not replace Wine or Winelib: the project is only intended to allow native Linux code to load simple Windows DLLs.

FAQ
Q
How can I confirm that Bitdefender GravityZone is connected to Windows Defender Security Center?
A
On a Bitdefender-protected endpoint, trigger a malware detection using an industry standard test file like EICAR. You should be able to view the threat detection event in the Windows Defender Security Center console.
Q
Can I integrate a GravityZone on-premises solution with Windows Defender Security Center?
A
Only GravityZone Cloud-based solutions are supported. Nevertheless, you can sign up here for a trial to evaluate the integration.
Q
Which platforms are supported?
A
Mac:

macOS Sierra (10.12.x)
OS X El Capitan (10.11.x)
OS X Yosemite (10.10.5)
OS X Mavericks (10.9.5)
OS X Mountain Lion (10.8.5)
Linux:

Red Hat Enterprise Linux 6.0 or higher
CentOS 6.0 or higher
Ubuntu 12.04 or higher
OpenSUSE 11 or higher
Fedora 16 or higher
Oracle Linux 6.3 or higher
Q
How can I configure the integration between Bitdefender GravityZone Cloud Console and Microsoft Windows Defender Security Center?
A
During the signup procedure, you will be asked to enter the Windows Defender Security Center token. Once it is saved, the integration is complete.
Q
What are the benefits of integrating Bitdefender GravityZone with Microsoft Windows Defender Security Center?
A
The integration allows you to detect, view, investigate, and respond to advanced cyber-attacks and data breaches on macOS and Linux-based endpoints right from within the Windows Defender Security Center management console. You will be able to view comprehensive threat intelligence information, which includes the following:

Detected file (path, size, hash)
Detected threat (type, name, action taken on threat)
Target machine (OS, IP, logged-in user)