Want to learn how attackers bypass endpoint products?
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_SacredCashCowTipping2020.pdf
3:41 – Alternate Interpreters
9:19 – Carbon Black Config Issue
15:07 – Cisco AMP EDR – Quick and Easy Bypass
18:24 – PowerShell AMSI Bypass – Rhino
19:07 – CylancePROTECT Bypass
24:14 – Windows Defender and Carbon Black Bypass
30:36 – Windows Subsystem for Linux
39:59 – PowerShell HTTP Web Cradle for Downloads
Last year we came to the conclusion that we are going to keep going with the Sacred Cash Cow Tipping Webcast series. Why? Because many in the industry still believe that security is something that can be achieved through the purchase of a single product.
To that end, we feel there is still a need to deconstruct certain parts of security (like AV) and show that there are always structural weaknesses in every security product that is implemented.
This is becoming even more important now that many of the advanced endpoint products are not just fire-and-forget but have an endless array of different configurations that enable a company to shoot themselves in the foot by reducing the overall effectiveness of these products.
So, yes, Sacred Cash Cow Tipping is more important than ever.
To that end, our next webcast will be on bypassing endpoint security products. The goal of this webcast is to help show people that there is still no silver bullet in security. We also desperately want to show that configuration and monitoring still matter.
This is our first webcast of the year. It may run longer than 60 minutes. It will be recorded. We will have a team of Black Hills Testers answering questions throughout the webcast. We have room for 3,000 attendees, so you will be able to attend live if you want.