
WSL: How Linux Ransomware Bypasses AV on a Windows Device (unless SentinelOne is installed)

WSL (Windows Subsystem for Linux) lets administrators run Linux environments and command-line tools directly on Windows machines without the need for a virtualization platform. WSL also opens a new attack surface and enables AV bypass by skipping Windows user-mode hooks. This video demonstrates how the SentinelOne agent detects an abuse of the WSL architecture: an open-source ransomware named GonnaCry encrypts files in the user's folder on the C: drive and is immediately detected. Visit https://www.sentinelone.com/
