netero1010 / EDRSilencer

A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
MIT License
1.46k stars 185 forks

checking the SID structure for TokenIntegrityLevel #23

Closed danikdanik closed 4 days ago

danikdanik commented 4 days ago

If the SID for TokenIntegrityLevel isn't the expected structure, GetSidSubAuthority might produce UB.

netero1010 commented 4 days ago

Thanks again for the help.
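The check this pull request is about, as an added example that is not code from the pull request or from the EDRSilencer project: `GetSidSubAuthority` does not validate the SID or the index, so the sub-authority count has to be checked before the last sub-authority (the integrity RID) is read. The sketch below works on a constructed byte-level model of the SID layout so it runs on any platform; `sid_last_subauthority` and the sample buffers are hypothetical, and on Windows the corresponding guards are `IsValidSid` and `GetSidSubAuthorityCount`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Binary SID layout: 1-byte revision, 1-byte sub-authority count,
   6-byte identifier authority, then count 32-bit little-endian values. */
#define SID_REVISION_1  1
#define SID_MAX_SUBAUTH 15
#define SID_HEADER_LEN  8

/* Hypothetical helper (not a Windows API): stores the last sub-authority in
   *rid and returns 0, or returns -1 if the buffer is not a well-formed SID. */
int sid_last_subauthority(const uint8_t *buf, size_t len, uint32_t *rid)
{
    if (buf == NULL || rid == NULL || len < SID_HEADER_LEN)
        return -1;
    if (buf[0] != SID_REVISION_1)
        return -1;

    uint8_t count = buf[1];
    /* count == 0 is the dangerous case: the usual "count - 1" index wraps
       and the read lands outside the SID. */
    if (count == 0 || count > SID_MAX_SUBAUTH)
        return -1;
    /* The buffer must actually hold every sub-authority the header claims. */
    if (len < SID_HEADER_LEN + (size_t)count * 4)
        return -1;

    const uint8_t *p = buf + SID_HEADER_LEN + (size_t)(count - 1) * 4;
    *rid = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 0;
}

int main(void)
{
    /* Constructed samples: S-1-16-12288 (high integrity label), and a
       malformed SID whose header claims zero sub-authorities. */
    const uint8_t high_label[] = {1, 1, 0, 0, 0, 0, 0, 16, 0x00, 0x30, 0, 0};
    const uint8_t zero_count[] = {1, 0, 0, 0, 0, 0, 0, 16};
    uint32_t rid = 0;

    if (sid_last_subauthority(high_label, sizeof high_label, &rid) == 0)
        printf("integrity RID: 0x%x\n", (unsigned)rid);
    if (sid_last_subauthority(zero_count, sizeof zero_count, &rid) != 0)
        printf("malformed SID rejected\n");
    return 0;
}
```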