Power of the Plus Demo - Win10

Hello!

I saw the demo and I find it very interesting. If this kind of test were applied to the latest Win10 system, would the results be the same?

What about Microsoft Windows Defender Exploit Guard on Win10? Is it comparable with CIX EAP?

 

Best regards,

Miha

 

EDIT: video Power of the Plus

https://vimeo.com/246174588

  • The aspect of the test that would be different on Windows 10 is the Mimikatz attack on the Windows LSASS service. Windows 10 does a fairly good job protecting that, and it will prevent the Mimikatz attack, but the attack on the registry/disk to recover the hash information is not protected by Windows 10.

    I am fairly sure Windows 10 would protect from the priv-escalation exploit I used, but others exist for that type of attack.

    The other aspects of the attack are independent of the Windows 10 OS version.

    Web Protect - in addition to preventing navigation to suspect malware delivery sites and scanning the page for malicious content/redirects, the test showed a file download scan. This identification of malware is independent of the Windows OS version.

    On-write protection - This is the scan that is triggered when a file is found on disk (either just written, as in this test, or from a scan). This also triggers on access and is independent of OS version.

    Run-time memory scan - This is a suspect behavior triggering a runtime memory scan, and is independent of OS version level.

    ML detection of malware on write/execute (independent of OS version).