Saturday, July 23, 2022: 4:00 pm (DAC 206): In the fall of 2017, after the WannaCry outbreak, Microsoft implemented ransomware protection in Windows 10 to counter it. The basis of this ransomware protection was "controlled folder access," which is a feature full of holes and various flaws pointed out by many researchers. However, Microsoft says that controlled folder access is the defense-in-depth security feature and is not subject to bug bounty. In 2021, Forbes published an article about ransomware protection of Windows 10 being effective for protection. To show that the article was wrong, Soya decided to recheck previous research on how to inject File Explorer with the latest Windows 10, then found that Microsoft had secretly fixed it. Frustrated, Soya started investigating to see if there were any other holes in the ransomware protection and, as a result, found a way to bypass the ransomware protection in a very silly way. It was possible not only on Windows 10 but also on Windows 11.

In this talk, Soya will review the previous bypass method and present a new ridiculous bypass method, as well as remote attacks using other vulnerabilities along with demonstration videos. This is so simple that anyone can easily imitate it. (However, be sure never to create ransomware with this technique.)

Soya Aoyama