EDR Alone? You’re a Sitting Duck as Attackers Evade EDR
What’s your Plan B when endpoint protection agents are disabled? In recent nation-state and ransomware attacks, various endpoint protection agents were immobilized or otherwise sidestepped. In this latest installment of our “View from the Attacker” series, we illustrate how one attacker disabled endpoint protection using commonly available tools, obtained domain admin credentials and moved laterally without any alerts going off in the endpoint agent console. That is…until the attacker realized they were interacting with deception. Watch the video to see what happened next.