Ingress vulnerable Windows Defender binary

Ingress a vulnerable version of Windows Defender Antimalware Service Executable ( that can side-load a properly formatted Dynamic-link Library (DLL) that exports the function ServiceCrtMain.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Kaseya VSA Attack


Side-load an agent using components of the REvil ransomware attack kill chain.