Sysmon
Masquerading Windows processes like a DoubleAgent.
I’ve been spending some time building new content for our Introduction to Red Teaming course, which has been great for diving into AV/EDR bypass techniques again. In this blog post, I will demonstrate how to re-weaponise the old “DoubleAgent” technique, making endpoint security products do the hacking work for us. One known vector to shimmy past AV solutions is to use process injections. At BlackHat 2019, a number of process…
Page 1 of 1