Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

What the Vuln: EDR Bypass with LoLBins

Watch the second episode of our What the Vuln livestream series as we explore how to bypass endpoint detection and response (EDR) with native Windows binaries to gain advanced post-exploitation control.

In a world of seemingly endless vulnerability threats, endpoint detection and response solutions (EDR) provide much-needed visibility into device activity with automated detection and remediation of malicious activity. But nothing is foolproof. Stealthy attackers that successfully bypass EDR are more likely to gain long-term control of an endpoint and escalate intrusion activities without any detection.

In the second episode of our What the Vuln series, Allan Cecil, Security Consultant III, interviews Lindsay Von Tish, Security Consultant II, about her hands-on hacking experiment at a recent 0DayAllDay event, a quarterly hacker meetup. Hear how Lindsay bypassed EDR controls with native Windows binaries (LoLBins) to install a C2 agent in a simulated post-exploitation attack scenario.

Watch to hear from our security expert on:  

  • An overview of the lab setup and attack goals
  • How the C2 agent was setup to enable the attack
  • A demo showcasing how to download and execute the payload without detection

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.