During penetration testing, a tool called DefenderWrite was developed to exploit whitelisted programs in antivirus software, allowing attackers to write files into the antivirus executable folders. The article details the process of identifying these programs and demonstrates successful experiments with Windows Defender and other antivirus products, highlighting potential vulnerabilities in their protections.