Tavis Ormandy, the well-known Google Project Zero engineer, has developed a tool that allows Windows Defender DLLs to run on GNU/Linux.
The name given to the tool, LoadLibrary, was chosen with little imagination. Imagination and a dash of audacity, however, are behind the titanic work Ormandy carried out.
The tool was released on GitHub and allows Windows DLLs (Dynamic Link Libraries), Windows Defender's among them, to be brought to Linux. But to what end? The project aims to help security researchers fuzz Windows software for vulnerabilities in a faster, more effective and more scalable way.
LoadLibrary allows Windows DLLs to be loaded and run on GNU/Linux, helping testers in their analysis through specialized pen-testing tools called fuzzers. Fuzzers perform automated runs that feed random data to an application in order to detect anomalies in its output, and they are able to ferret out bugs that are rarely caught during manual code review.
Distributed, scalable fuzzing on Windows is a particularly difficult and inefficient task, while on GNU/Linux the same problems occur on a much smaller scale. As Ormandy says, his experiment allows Windows libraries to be tested in minimal containers with very little overhead, ensuring scalability. Thanks to LoadLibrary, Ormandy found a vulnerability in the Microsoft Malware Protection Engine that he himself called "crazy bad"; the bug has already been fixed.
The new Wine? The researcher has clearly stated that LoadLibrary is not intended as an alternative to Wine or Winelib, which are used to import Windows libraries during development or to run entire Windows applications on Linux; the goal is instead to let GNU/Linux software natively load simple Windows DLLs.