RedSun is a proof-of-concept security project that demonstrates a critical privilege escalation vulnerability in Microsoft Defender arising from unintended file-handling behavior. It relies on how Defender processes files tagged with cloud metadata: instead of removing a detected file, the antivirus may rewrite it to its original location. By manipulating this process, the exploit can overwrite protected system files and obtain SYSTEM-level privileges from a low-privilege account. The repository provides a minimal C++ implementation that demonstrates this behavior for research and educational purposes. It highlights flaws in endpoint-protection logic and shows how race conditions and file-system interactions can be abused. The project is not a full framework but a focused demonstration of a real-world vulnerability, and a stark example of how defensive systems can be turned into attack vectors.

Features

  • Proof-of-concept privilege escalation exploit
  • Abuse of Microsoft Defender file rewrite behavior
  • Demonstration of SYSTEM-level access escalation
  • Use of cloud file metadata handling flaws
  • Lightweight C++ implementation
  • Focus on vulnerability research and education

Categories

Libraries

License

MIT License


Additional Project Details

Programming Language

C++

Related Categories

C++ Libraries

Registered

2026-05-05