
What the Vuln: EDR Bypass with LoLBins

Date:
Tuesday, March 23, 2023

In a world of seemingly endless vulnerabilities and threats, endpoint detection and response (EDR) solutions provide much-needed visibility into device activity, along with automated detection and remediation of malicious behavior. But nothing is foolproof. An attacker who bypasses EDR, for example by abusing trusted native binaries that the EDR is tuned to allow, is far more likely to keep long-term control of the endpoint and escalate the intrusion without ever being detected.

In the second episode of our What the Vuln series, Allan Cecil, Security Consultant III, interviews Lindsay Von Tish, Security Consultant II, about her hands-on hacking experiment at a recent 0DayAllDay event, a quarterly hacker meetup. Hear how Lindsay bypassed EDR controls with native Windows binaries (LoLBins) to install a C2 agent in a simulated post-exploitation attack scenario.

Watch to hear from our security expert on:  

  • An overview of the lab setup and attack goals
  • How the C2 agent was set up to enable the attack
  • A demo showcasing how to download and execute the payload without detection

