Parsa Sarrafian
Maybe Security Researcher | Windows Internals enthusiast
Mar 23, 2023
#redteam tip: @Fortinet self-protection bypass
Fortinet uses a minifilter driver to prevent copying or deleting files in the app's install location.
If you reverse engineer the responsible driver, you will notice that there are some exceptions, and some processes are able to copy/delete files in that location.
But the problem is that "it is only checking the end of the process image name and not the full path".
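To make the suffix-versus-full-path distinction concrete, here is an added example that is not code from the thread or from Fortinet's driver: a small user-mode C model of the two ways a minifilter could match a requesting process against its exemption list. The vendor and binary names (vendor_svc.exe, vendor_updater.exe) and the \Device\HarddiskVolume2 paths are hypothetical placeholders, and the sample process paths are constructed for the demonstration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed exemption list. In a real minifilter the comparison would run
 * in the pre-operation callback against the requesting process's image path
 * as the kernel reports it; here both sides are modelled as plain strings.
 * The names below are hypothetical placeholders, not the real driver's. */
static const char *const ALLOWED_NAMES[] = {
    "vendor_svc.exe",
    "vendor_updater.exe",
};

static const char *const ALLOWED_FULL_PATHS[] = {
    "\\Device\\HarddiskVolume2\\Program Files\\Vendor\\vendor_svc.exe",
    "\\Device\\HarddiskVolume2\\Program Files\\Vendor\\vendor_updater.exe",
};

/* Case-insensitive equality: NTFS is case-preserving but case-insensitive
 * by default, so a driver has to compare paths that way. */
static bool str_ieq(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* True if s ends with suffix, ignoring case. */
static bool str_iends_with(const char *s, const char *suffix)
{
    size_t ls = strlen(s), lf = strlen(suffix);
    if (lf > ls)
        return false;
    return str_ieq(s + (ls - lf), suffix);
}

/* Weak check, the pattern the thread describes: the process is exempt if
 * its image path merely ENDS with an allow-listed name. A binary named
 * vendor_svc.exe in any directory (or even evilvendor_svc.exe) passes. */
bool weak_is_exempt(const char *image_path)
{
    for (size_t i = 0; i < sizeof ALLOWED_NAMES / sizeof *ALLOWED_NAMES; i++)
        if (str_iends_with(image_path, ALLOWED_NAMES[i]))
            return true;
    return false;
}

/* Stricter check: the whole normalized device path must match, so a copy of
 * the binary dropped under a user-writable directory is not exempt. */
bool strict_is_exempt(const char *image_path)
{
    for (size_t i = 0; i < sizeof ALLOWED_FULL_PATHS / sizeof *ALLOWED_FULL_PATHS; i++)
        if (str_ieq(image_path, ALLOWED_FULL_PATHS[i]))
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample image paths: the legitimate service and an
     * attacker-controlled copy carrying the same file name. */
    const char *legit = "\\Device\\HarddiskVolume2\\Program Files\\Vendor\\vendor_svc.exe";
    const char *rogue = "\\Device\\HarddiskVolume2\\Users\\Public\\vendor_svc.exe";
    printf("weak   legit=%d rogue=%d\n", weak_is_exempt(legit), weak_is_exempt(rogue));
    printf("strict legit=%d rogue=%d\n", strict_is_exempt(legit), strict_is_exempt(rogue));
    return 0;
}
```

Even the full-path comparison only raises the bar: it still trusts whatever code runs inside a process that lives at the right path, which is exactly what a DLL hijack in one of those exempt binaries gives an attacker. Binding the exemption to the process identity (for example, signature or protected-process checks) rather than to a string is the stronger design.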

Since many Fortinet EXE files have DLL hijack vulnerabilities and run as services, using this vulnerability