RedSun

RedSun is a proof-of-concept security project that demonstrates a critical privilege escalation vulnerability in Microsoft Defender by exploiting unintended file-handling behavior. The tool leverages how Defender processes files tagged with cloud metadata, where instead of removing malicious files, the antivirus may rewrite them to their original location. By carefully manipulating this process, the exploit enables attackers to overwrite protected system files and gain SYSTEM-level privileges from a low-privilege account. The repository provides a minimal C++ implementation that showcases this behavior for research and educational purposes. It highlights flaws in endpoint protection logic and emphasizes how race conditions and file system interactions can be abused. The project is not designed as a full framework but as a focused demonstration of a real-world vulnerability. It serves as a stark example of how defensive systems can be turned into attack vectors.

Features

Proof-of-concept privilege escalation exploit
Abuse of Microsoft Defender file rewrite behavior
Demonstration of SYSTEM-level access escalation
Use of cloud file metadata handling flaws
Lightweight C++ implementation
Focus on vulnerability research and education

Project Samples

Project Activity

See All Activity >

License

MIT License

Follow RedSun

RedSun Web Site

Other Useful Business Software

MongoDB Atlas runs apps anywhere

Deploy in 115+ regions with the modern database for every enterprise.

MongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.

Start Free

Rate This Project

User Reviews

Be the first to post a review of RedSun!

Additional Project Details

Programming Language

C++

Related Categories

C++ Libraries

Registered

2026-05-05

Similar Business Software

SurveyJS

SurveyJS is an embeddable, self-hosted, white-label form builder for teams building custom forms, surveys, questionnaires, and other data collection tools inside web applications. It runs entirely on the client and is fully compatible with all modern JavaScript frameworks, including React,...

See Software
DHTMLX

DHTMLX is a JavaScript UI library that provides a set of highly customizable and flexible components for building modern and responsive web applications. The library includes more than 30 UI components, such as Gantt, Scheduler, Kanban, diagrams, charts, grids, spreadsheets, calendars, trees,...

See Software
Webix

JavaScript UI library and framework for speeding up web development. JS Framework for cross-platform web Apps development 102 UI widgets and feature-rich CSS / HTML5 JavaScript controls. Save at least 3000+ development hours by using ready-made widgets and UI controls. Develop Web UI 30% faster....

See Software
React

React makes it painless to create interactive UIs. Design simple views for each state in your application, and React will efficiently update and render just the right components when your data changes. Declarative views make your code more predictable and easier to debug. Build encapsulated...

See Software
Bryntum

Bryntum is a leading provider of high-performance scheduling solutions for the web. Our suite of JavaScript components—including Gantt, Scheduler, Task Board, and Calendar—enables developers to build modern project management applications with features like drag-and-drop scheduling, resource...

See Software
RequireJS

RequireJS is a JavaScript file and module loader. It is optimized for in-browser use, but it can be used in other JavaScript environments, like Rhino and Node. Using a modular script loader like RequireJS will improve the speed and quality of your code. This setup assumes you keep all your...

See Software