research poc
Bring Your Own Reputation (BYOR) Technique Bypasses SmartScreen via Reputable ScriptsBYOR
P.I.V.O.T Security researchers demonstrated a technique called Bring Your Own Reputation (BYOR) that abuses Microsoft SmartScreen's reputation-based trust by sideloading unsigned executables through legitimately-reputed script files (.bat, .cmd, .vbs) containing insecure code paths. This bypasses Mark-of-the-Web (MOTW) and SmartScreen warnings without requiring an EV certificate, and Windows Defender remained silent during the proof-of-concept. The technique highlights that file reputation alone is insufficient for detection, and behavioral monitoring of child processes spawned from script files is necessary.