Illustration of a magnifying glass inspecting and approving one document while an identical, unscanned document shows a hidden warning icon

Novel PoC Attack Dodges AppLocker, Sysmon, EDR Defenses

A documented Windows file-virtualization feature can hide malware from antivirus, AppLocker and Sysmon without a vulnerable driver or a single line of code on disk.

A legitimate Windows file-virtualization feature can be weaponized to blind endpoint detection and response (EDR) tools, sidestep AppLocker, and hide malicious code from antivirus scanners and forensic tools.

The attack is a post-compromise evasion technique that lets an attacker who already controls a system run payloads such as ransomware, credential-theft tools, and similar, while defensive tools like EDR, AppLocker, and Sysmon (Microsoft’s built-in activity-logging tool, now bundled with Windows 11 and Windows Server 2025) are silently redirected to inspect a different, legitimate file instead of the one actually executing, according to research published by Bitdefender Labs on Wednesday.

The abused feature, called a bindlink, is built into a Windows driver called bindflt.sys and is used by Windows Sandbox, Store apps and Windows containers to redirect file paths to one another without altering the original file.

Researchers led by Martin Zugec documented and named three escalating techniques.

“Each technique builds on the one before it, and each closes a weakness left exposed by the previous one,” wrote Zugec, technical solutions director at Bitdefender.

The first technique, File-Binding, tricks Windows into loading a malicious file in place of a trusted one by targeting the trusted file’s path rather than the file itself. In one example, an attacker redirects Windows’ real amsi.dll — the built-in library that scans scripts for malware before they run — so that anything trying to load it from its normal system folder is quietly handed a malicious file instead. PowerShell still thinks it loaded the real scanner; in fact, it loaded one that always reports “clean.”

Process-Binding applies the same trick to a program instead of a file. In Bitdefender’s demonstration, an attacker links the trusted system utility winver.exe to cmd.exe, the command prompt. Launching winver.exe doesn’t run winver.exe — it runs cmd.exe instead. But Windows’ own process logs still identify the running program as winver.exe, so an analyst or security tool checking what’s running sees a harmless utility’s name, not the program actually executing underneath it.

The third and most advanced technique, Silo-Binding, creates two bind links — redirect rules that make one file path silently return a different file’s contents — pointing in opposite directions.

Inside a walled-off area of the system called a silo, the same Windows feature that powers containers, the path for a trusted program is redirected to the malware. Outside that walled-off area, a second rule redirects the malware’s own path back to the clean, trusted file. When a security tool checks on the malware from outside the silo — antivirus, AppLocker, the firewall, Sysmon — it follows that second rule and lands on the clean file, never the malicious one.

The technique works because Windows lets a file path resolve differently depending on who’s asking, a legitimate design choice for containers and app compatibility. Most security tools assume a path always points to one fixed file and never check otherwise.

Bitdefender said it disclosed the findings to Microsoft, which rated the issue low-severity because it requires administrator access already in hand.

Bitdefender pushes back on that analysis and compares bind-link abuse to Bring Your Own Vulnerable Driver (BYOVD) attacks — a technique the security industry already treats as serious despite the same admin-access prerequisite.

Bitdefender said bind-link abuse is now part of its own product threat model, and it published the research to give other vendors and defenders detection guidance.

Every technique described so far assumes the attacker already has administrator rights before the attack begins. However, Bitdefender also disclosed a privilege-escalation path in Docker Desktop, where a user in the docker-users group — who is not a local administrator. In this scenario an attacker can use a bind link to reach SYSTEM-level access on the host.

Docker has since updated its own documentation to warn that docker-users membership can lead to administrative control of the host machine. Additionally, Bitdefender mapped its findings against MITRE ATT&CK, the industry-standard catalog of attacker behaviors, and said the Docker privilege-escalation technique doesn’t fit any existing entry.

Bitdefender’s research comes as ransomware crews increasingly favor this kind of defense-evasion tooling. ESET Research said in March 2026 that its telemetry and incident investigations tracked nearly 90 distinct “EDR killer” tools actively used in the wild, most still built on the driver-based BYOVD method to which Bitdefender compares its findings.

Separately, ransomware actors who attempted to disable EDR tools succeeded 48% of the time, Cisco Talos told The Register in a 2025 interview — and did so early in the attack, not as an afterthought.

Author

  • Tom Spring

    Tom Spring is a cybersecurity journalist covering identity, AI, cloud security and enterprise risk. He is the founder of Security Point Break and former Senior Editorial Director at CyberRisk Alliance, where he led coverage for SC Media, MSSP Alert and ChannelE2E.

    An award-winning reporter, his work has been recognized by the Society of Professional Journalists, ASBPE and the Jesse H. Neal Awards. He focuses on cutting through cybersecurity hype to deliver clear, grounded reporting for security and business leaders.

Total
0
Shares

Leave a Reply

Previous Article
Peter Horadan Discusses Digital Age Verification

Digital Age Verification: Ready or Not, Here it Comes  

Related Posts

Discover more from Security Point Break

Subscribe now to keep reading and get access to the full archive.

Continue reading