Posts

Featured

Abusing TotalAV Anti Virus to Delete Arbitrary Files as SYSTEM

Overview

While investigating the behavior of TotalAV Anti Virus, I discovered a serious vulnerability that allows arbitrary file deletion as NT AUTHORITY\SYSTEM. What's particularly concerning is that this can be triggered by a regular, non-administrative user by abusing how TotalAV Anti Virus handles cleanup routines in conjunction with Windows NTFS junctions. Despite attempts to responsibly disclose this issue to the vendor (TotalAV), I received no acknowledgment or response. I am now publishing technical details to raise awareness and hopefully prompt a fix.

The Vulnerability

Impact

Privilege escalation via file deletion: A non-admin user can delete files owned or protected by SYSTEM by abusing a cleanup feature in the antivirus.

Persistence and LPE vectors: By targeting specific files or system DLLs, this could lead to privilege escalation, denial of service, or persistence mechanisms (e.g., deleting scheduled task binaries, logs, or configuration files).

Root Ca...

Latest Posts

Password hash leak via email attachment

UAC bypass via dll hijacking and mock directories

IOBit Malware Fighter - Arbitrary Code Execution as NT Authority\System

Arbitrary File Delete via wsreset.exe // Bypass Adaware Antivirus

Software in the middle - Abusing legitimate Software to run arbitrary code

GOG Galaxy - Escalation of Privileges incl. Code Execution