Decrypt LOL

Red Teaming Techniques Evade OpenEDR Detection


🦠 Red Teaming Techniques Successfully Evade OpenEDR and Escalate Privileges. A recent article details a Red Teaming exercise against a Windows machine running Xcitium OpenEDR and Windows Defender, demonstrating how to evade detection while escalating privileges. The author used DInvoke to bypass EDR user-mode hooks and modified a shellcode loader to download and execute payloads without triggering alerts. After gaining high-integrity access, the author chose to dump the Security Account Manager (SAM) database rather than the heavily monitored LSASS process, and successfully extracted credentials. Although some alerts were generated, the techniques allowed significant actions to be carried out without major detection, highlighting their effectiveness across the Red Teaming lifecycle. The author invites suggestions for other EDRs to test and for tactics that would improve evasion.
