Want to learn how attackers bypass endpoint products? Download slides: https://www.activecountermeasures.com/presentations/ 3:41 – Alternate Interpreters 9:19 – Carbon Black Config Issue 15:07 – Cisco AMP EDR – Quick and Easy Bypass 18:24 – PowerShell AMSI Bypass – Rhino 19:07 – CylancePROTECT Bypass 24:14 – Windows Defender and Carbon Black Bypass 30:36 – Windows Subsystem for Linux […]
Podcast: Play in new window | Download
Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of this is to share just some of the ways Black Hills Information Security bypassed endpoint security in 2018. Unfortunately, these webcasts still seem to be needed because there […]
Podcast: Play in new window | Download
John Strand // Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of this is to share just some of the ways Black Hills Information Security bypassed endpoint security in 2018. Unfortunately, these webcasts still seem to be […]
John Strand// It’s time for our annual anti virus bypass extravaganza. See why AV can’t be the end all be all solution to your security framework in 2018! And if you already know that but need to implement it? Invite your team! This is always a lot of fun! Slides available here: https://www.dropbox.com/s/96tkxyn4mif3syi/scct2018-Master.pptx?dl=0 Join the BHIS […]
John Strand with BHIS testers // Yes, we did this in 2017, but it’s reflecting work done in 2016.
Carrie Roberts // My current favorite exploit is creating malicious outlook rules as described here. The rule is configured to download an executable file with an EXE extension (.exe) when an email with a certain subject line is received. The executable establishes a command and control (C2) session with the attacker’s server. On a recent […]
