From 7456cc8cf066f5e5fc6cdf7d3272a466ebd6b2f6 Mon Sep 17 00:00:00 2001 From: Nightmare-Eclipse Date: Thu, 16 Apr 2026 00:12:53 +0200 Subject: [PATCH] Update README.md --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index c2c6c31..20850f7 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,9 @@ # RedSun The Red Sun vulnerability repository + +Now, normally I would just drop the PoC code and let people figure it out. But I can't for this one, it's way too funny. +When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that's supposed to protect decides that it is a good idea to just rewrite the file it found again to it's original location. The PoC abuses this behaviour to overwrite system files and gain administrative privileges. + +I think antimalware products are supposed to remove malicious files not be sure they are there but that's just me. + +![BottomText](redsun.jpg)
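Review bot: the added paragraph beginning "When Windows Defender realizes that a malicious file has a cloud tag" never says what a "cloud tag" is or which Windows and Defender versions the behaviour was observed on, so a reader cannot judge exposure or confirm a later fix from the README alone. Suggest a one-sentence definition of the term and an "Affected versions / tested on" line next to that paragraph. Smaller points in the same hunk: "it's original location" should read "its original location", the image alt text "BottomText" does not describe redsun.jpg, and the subject "Update README.md" gives no hint that this commit adds the vulnerability description.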