The execution of penetration tests and red team assessments has become significantly more complex in recent years due to the growing number of defense measures in place. Since the rise of EDR solutions, simply running hacker tool X with parameter Y is rarely successful without manual adjustments. Instead, an in-depth understanding of the underlying attack technique is necessary in order to develop a strategy that bypasses these protection mechanisms in a targeted manner.
Although there are many publications on various attack and evasion techniques, I often did not understand these techniques well enough to successfully bypass an EDR in particular. So I started writing down techniques in my own words and implementing them in tools whenever possible. This gave me an independent measure of how well I had understood an attack technique and how successful I was with it in practice. Writing made me realize that I was asking myself questions I probably wouldn’t have asked otherwise, and without them I wouldn’t have understood many things properly.
This blog summarizes a few of these insights and aims to help others in the area of offensive security.
David Brandau
Pentester & Security Researcher