research poc
Elastic Security Labs Details Bypass Techniques for Windows Smart App Control and SmartScreenSmart App Control Bypass via Reputation Hijacking and Seeding
Elastic Security Labs published research detailing multiple methods to bypass Windows Smart App Control and SmartScreen reputation-based protections. The techniques include signing malware with fraudulently obtained EV certificates, hijacking the reputation of trusted script hosts like Lua and AutoHotkey, and seeding new binaries to gain a benign reputation. These bypasses allow attackers to achieve initial access without triggering security warnings.