Category Archives: EDR

Tags: EDR, Hacking, Red Teaming

Winning Your ‘Arguments’ with EDRs.

A recent client engagement had me thinking about ways to evade security tools that rely heavily on command line arguments. During a red team task, I wanted to dump the SAM database of the victim’s system, but I knew that commands such as “reg save HKLM\SAM SAM” would easily be caught by the installed EDR. […]