Back to Resources

WSL: How Linux Ransomware Bypass AV on a Windows Device (unless SentinelOne is installed)

WSL (Windows Subsystem for Linux) lets administrators run Linux environments and command-line tools directly on Windows machines without the need to use virtualization platforms. WSL also opens a new attack surface and enables AV bypass by skipping Windows user mode hooks. This video demonstrates how SentinelOne agent detects an abuse of the WSL architecture – […]
Watch Now